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(57) Abstract: A method and system detects copy fraud by using a unique character string, e.g., a tracking ill that can be associated 
wUh a Ssl^ge indkium and digitally signed to pn,vide for a self-validating unique postage indicium. Once validated by the postal 
lu Lri^ tt ticking ID within the unique postage indicium can be compared to the tracking ID;s in all other postage .nd,c,a or to 
a sU^Sd n-acSng ID to ensure that tracking ID is indeed unique. Another improvement uses an mdexmg identifier (such as, e.g.. a 
^S^ro or a iSge vendor ID. user account, and piece count) to decrease the size, or eliminate the use, of the postage mdicum 
SnS'to a^ndTer computer: An indexing identifier, rather than the postage indicium, is ^-^i'"';" ^^^"^^^^^ 
Yet another improvement facilitates refunding unused postage. Information for a postage ^« wL^oSi^ 

delivery status, is stored. Unused postage exists when there is duplicative postage transactions or the mail piece was not delivered. 
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TITLE 

SYSTEMS AND METHODS FOR DETECTING POSTAGE FRAUD USING A UNIQUE 
MAIL PIECE INDICIUM, REDUCING THE SIZE OF POSTAGE INDICIA, AND 

REFUNDING POSTAGE 

5 

FIELD OF THE pNTVENTION 

The present inventions relate generally to electronic postage metering systems, and 
more particularly, personal computer (PC)-based postage systems. 

BACKGROUND OF THE INVENTION 

10 In 1992, the United States Postal Service (USPS), acting largely on a formal 

December 1991 proposal by the inventor, began investigating the feasibility of PC-based 
postage technology. The USPS hosted an exploratory meeting, inviting the mventor and the 
four existing conventional postage meter vendors (Pitney Bowes, Neopost (called Friden at 
the time), Ascom Hasler, and Franco Postalia) — ^firms that represented 100% of the US meter 

15 market at that time. Subsequent years saw a number of follow-on meetmgs, and the USPS 
eventually pubUshed a specification in the 1996 Federal Register outlining what the USPS 
called an "Information Based Postage Indicium Program (IBIP)." The requirements for the 
IBIP are currently set forth in a document called "Information Based Indicium Program 
(IBIP) ^Performance Criteria For Information-Based Indicia and Security Architecture for 

20 Open IBI Postage Evidencing Systems (PCIBI-O)," which was pubUshed on June 25, 1999 
by the USPS, and which is fully and expressly incorporated herein by reference. 

Two different types of PC-based postage architectures have evolved. The first type of 
architecture is a distributed postage indicia generation system, an example of which is 
detailed in U.S. Patent No. 5,3 19,562, entitled "System and Method for Purchase and 

25 AppUcation of Postage Using Personal Computer," which is expressly and fiilly incorporated 
herein by reference. In this system, lump sums of postage are purchased and downloaded via 
a telecommimications link to a local secure computational device at the end user's location. 
In USPS jargon, this device is called the Postal Secure Device (PSD). Typically, these 
postage transfers range &om fifty to several thousand dollars. This amount is added to 

30 whatever balance ronains in the PSD. The end user may then draw upon the balance in the 
PSD to produce postage indicia of varying amoimts and service classes that are printed on 
mail pieces. As the mail pieces are individually metered (or in the case of the IBIP, created 
and simultaneously "metered"), the balance in the PSD is decremented by the transaction 
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amount (e.g., 34 cents). The second type of architecture is a centralized postage indicia 
generation system, an example of which is detailed in U.S. Patent No. 6,005,945, entitled 
"System and Method for Dispensing Postage Based on Telephonic or Web MilU- 
Transactions," and wliich is fully and expressly incorporated herein by reference. La this 
5 system, the end user's account balance is securely stored in a centralized postage-issuing 
computer system, and the end user contacts the centralized postage-issuing computer system 
each and every time postage is to be applied to a mail piece. 

Referring to Fig. 1, a typical IBIP mail piece 100 printed using either the distributed 
or the centralized postage indicia architecture is shown. The mail piece 100 comprises an 

10 envelope 102 on which various items are printed. A postage indicium 104 (in layperson's 
terms, a "stamp"), as applied by a computer printer, is located in the upper right hand comer 
of the envelope 102. The postage indicium 104 comprises a two-dimensional barcode 106 
containing data relating to the mail piece 100 and the account holder, as well as human- 
readable information 108, e.g., the data, account number and amoimt of postage. The USPS 

1 5 has currently approved Portable Data File (PDF) and DataMatrix 2-D barcodes. Facing 
Identification Marks (FIM) 1 10 are located at the top of the envelope 102 above and to the 
left of the postage uidiciimi 104, and are used by the USPS for tiie initial sortation of letter 
mail. The significance of the FIM 1 10 in letter mail processing is described in U.S. Patent 
No. 5,319,562. A retum address 112 and destination address 114, which are self-evident, are 

20 printed on the face of the envelope 102, A POSTNET barcode 116, which is located beneath 
the destination address 114, represents the delivery point ZIP code of the destination address. 
The delivery point ZIP code is an 1 1 -digit code, only 9 of which are shown on the last line of 
the destination address 114. The last two digits of the delivery point ZIP code are generally 
derived from the last two digits of the street address nmnber, which in the illustrated 

25 embodiment, is "47." 

The amount of data in the postage indicium 104 is substantial and was designed with 
a distributed postage indicia generation system in mind. Significantly, in a distributed 
postage indicium generation architecture, the USPS has no detailed knowledge of how the 
postage is consumed. For example, for a hypothetical $100 of postage downloaded, the end 
30 user could create ten postage indicia of a $10 valuation, two hundred indicia of 50-cent 
valuation, or a combination thereof In reality, the number of permutations is far greater. 
The USPS approach to this problem was to create a postage indicium with sufficient 
information, so that its authenticity could be determined in the absence of any other 
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information. In other words, the USPS sought a "stand-alone" system that would be 
verifiable using only the human-readable information on the mail piece 100 and the data 
CTicoded in the two-dimensional barcode 106 of the postage indicium 104. In theory, no 
other "outside" information would be necessary. Table 1 sets forth the current IBIP postage 
5 indicium contents, including the field name and byte size of each content item. 



Table 1: Current IBIP Indicium Contents 



Item Number 


Field Name 


Size (Bytes) 


1 


Indicia Version Niraibar 


1 


2 


Algorithm ID 


1 


3 


Certificate Serial Number 


4 


4 


Device ID 


8 


5 


Ascending Register 


5 


6 


Postage 


3 


7 


Date 


4 


8 


License ZIP 


4 


9 


Destination ZIP 


5 


10 


Software ID 


6 


11 


Descending Register 


4 


12 


Rate Category 


4 


13 


Si^ature 


40 


14 


Reserved (Vendor Specific Information) 


1 


15 


Piece Count (Vendor Specific Information) 


4 



Thus, the date (item #7) embedded in the barcode portion of the postage indicium 104 
could be compared to the current date, as well as to the himian-readable date. The postage 

10 amount (item #6) embedded in the barcode portion 106 of the postage indicium 104 could be 
compared to the human-readable postage amount, and for United States addresses, the 
delivery point ZIP code (item #9) embedded in the barcode portion 106 of the postage 
indicium 104 could be compared with the delivery address 114 printed on the mail piece 100. 
Should any of these "information pairs" show an inconsistency, the mail piece 100 would be 

15 immediately suspect and would be a candidate for further investigation. 

The "veracity of the invention in the barcode portion 106 of the postage indicium 
104 was to be vaUdated by public key cryptography, which was first disclosed by Diffie and 
Helkaan in 1976, and essentially involves the use of a matched pair of public and private key 
components to either encrypt or digitally sign data. The keys are extraordinarily large integer 
20 values that have interesting cryptographic capabiUties. Briefly, the public key component can 
be used to encrypt material, or verify a digital signature created by the corresponding private 
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key. The private key component can be used only to create digital signatures that can be 
verified by the public key. Importantly, the pubhc key component can be widely 
disseminated and in fact "published," because it is virtually impossible to infer the 
corresponding private key component In cryptographic terms, it is "computationally 
5 infeasible" to infer the private key component given the pubhc key component provided the 
modulus or size of the key is of sufficient size. Given the computational speed of computers 
available at the time of this writing, key sizes of 1024 or 2048 bits are considered highly 
secure. 

In the USPS implementation, pubhc key encryption is not used, but rather the private 
10 key component is used to digitally sign data. For example, as illustrated in Table 1, a private 
key component is used to digitally sign the first twelve items contained in the postage 
indicium 104 to generate a digital signature (item #13), which digital signature is then 
appended thereto. In the USPS model, each end user (i.e., meter account) has a unique 
public/private key pair assigned to him or her. The private key component is never divulged 
15 to the end user, but is stored securely in the PSD at the end user's site. The PSD digitally 
signs the data, i.e., the information associated with the postage indicium request The 
matching public key component can then be used to vaUdate the signature. A more detailed 
discussion of how public key cryptography is used in the IBIP is disclosed in U.S. Patent No. 
6,005,945. 

20 Despite the commercial potential of the IBIP, it languished in uncertainty for several 

more years vmtil two vendors were approved for beta testing in August of 1998. The 
companies, EStamp and Stamps.com, were relative newcomers to the PC-postage effort. 
Both firms finished beta testing approximately one year later (the fall of 1999). Pitney 
Bowes, the dominant conventional manufacturer, and Neopost were approved several months 

25 later. A host of high-value IPO's, based on vastly overstated market potential, funded the 

EStamp and Stamps.com efforts during the late 1990's. Significantly, as the year 2001 draws 
to a close, EStamp has withdrawn firom the postage business, Stamps.com is encoimtering 
several financial and legal problems, and the IBIP is in disarray. During their existence, the 
foregoing two firms consumed nearly one billion dollars in venture capital and pubhc 

30 investment funds attempting to make PC-postage a viable business. In sum, two 

extraordinarily well-funded vendors have been driven out of the business, the estabhshed 
manufacturers of postage meters have curtailed or delayed their entry into the PC-Postage 
arena, and end users who were hopeful that this technology would save them time, money. 
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and frustration were deeply disappointed. There are a host of factors that have contributed to 
the failure of the JBJP to date. 

First, the USPS has insisted on developing a •♦perfect" security model before 
embarking on limited, alpha-level field-testing to identify "real world" problems. Second, 
5 the USPS has emphasized envelope printing, which, due to unyielding USPS mail processing 
requirements, proved to be very difficult to produce on desktop printers. This was especiaUy 
trae for courtesy reply envelopes provided by utilities and credit card firms, for example, 
because not only was the envelope difficult to feed and position, but there was a conflict in 
certain mail processing markings, especially the Facing Identification Code (FIM). Third, the 
10 focus on the consumer market with the promise of large numbers ended up costing the initial 
vendors large sums of money to acquire these customers, which did not provide sufficient 
financial returns. Fourth, the USPS was slow to appreciate and embrace a host of fraud 
prevention and detection enhancements inherent to centralized postage dispensing systems. 
Fifth, there is a lack of single piece discounts for IBIP postage users, even though the 
15 addressing and automation requirements imposed by the IBIP are comparable with other 
discount mailings (such as First Class Presort mail), and even though the discount was 
repeatedly recommended by the Postal Rates Commission. 

Sixth, the public key infrastructure (PKI) approach adopted by the USPS has fallen 
short on many fronts. The first PKI-related problem surfaced immediately after the USPS 
20 published the initial IBIP specification in 1 996. hi order to provide a "stand-alone" 

verification system, barcode portion 106 of the postage indicium 104 would not only contain 
the items shown in Table 1, but would also have to carry the associated pubUc key 
mfonnation for that account. The data in Table 1 is represented by 96 bytes. Because the 
pubUc key component for a 1024 bitDSA key pair is 128 bytes long, however, adding the 
25 pubHc key component for stand-alone verification caused the postage mdicium 104 to be over 
twice the size of the current IBIP version. Comparable public key lengths are seen m the 
other USPS-jqpproved key pairs such as RSA and elliptic curve. 

But the postage indicium 104 needed to be still larger to achieve the goal of stand- 
alone verification, because the public key component itself must be verifiable. To understand 
30 why, suppose an adversary generated her own pubHc/private key pair. This is a very easy 
process for an entry-level cryptographic programmer. Then she could create a mail piece, 
generate indicium data with fraudulent account mformation, digitally sign that mformation 
with a private key, and then ^pend the pubUc key to the end of the indicium data. To a 
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verifying party in a stand-alone environment, everything would seem to be in order if one 
trusted the public key component. 

This problem can be solved by using a Certificate Authority (CA), which is a very 
trusted party (e.g., a government agency or a private firm such as Verisign) who will accept a 
5 public key component generated by a third party, investigate that party to ascertain that they 
are who they say they are, and upon approval, digitally sign the pubUc key with a master 
private key maintained by that CA. Thus, if the verifying party has the pubUc key component 
of the CA available in the stand-alone verification system, it can be used to verify the digital 
signature on the account-specific public key component. If that verification is successfiil, the 
10 account-specific public key can be used to authenticate the postage indicium 1 04. 

The advantage of this approach is that a single master CA public key can be used to 
ascertain the veracity of milHons of other pubhc keys. The disadvantage is that not only is a 
128-byte account-specific public key required in the postage indicium 104, but the digital 
signature generated by the CA adds another 40 to 128 bytes of information. In addition, the 
15 C A typically embeds other information in the signed package, includiag the name of the 

party and the range of dates for which the account-specific public key is valid. The complete 
package is called a digital certificate and can grow to a size of several thousand bytes 
depending upon how many intermediate CA's are involved. The indicium data stream 
initially proposed by the USPS approached 500 bytes, and the associated two-dimensional 
20 bar code portion 1 06 of the postage indicium 1 04 covered approximately 25% of the area of a 
typical commercial #10 envelope. The maihng coimnunity and potential IBIP vendors 
resoundingly rejected this as completely unworkable. 

The inventor (and presumably other potential IBIP vendors) proposed an alternative 
approach to the USPS, which brought the postage indicium down to tiie current 100 bytes. 
25 Rather than including a large digital certificate, a unique 4-byte numerical key pair ID (item 
#3 in Table 1) would be included instead. The key pair ID then referCTices a complete CA- 
signed, account-specific public key that the USPS can disbibute to field verification staff via 
CD-ROM or other means. Essentially, each verification staff member would have a database 
of CA-signed public keys indexed by a key pair ID. When scaiming postage indicium 104, 
30 the key pair ID would be used to look up the appropriate public key, and that key would be 
used to verify the digital signature in the postage indicium 104. 
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While solving the space problem on the mail piece, the inclusion of a key pair ID 
within the postage indicium 104 did present the USPS with a new problem of distributing 
public keys to its field staff This proved to be a daunting task, as some vendors were signing 
up thousands of new end users per month, each of whom represented a public key that needed 

5 to be distributed to every field verifier if the goal of stand-alone verification was to be 
achieved. Thus, the second major PKI-related problem encountered by the USPS and the 
IBIP vendors was the cost and logistical issues associated with managing himdreds of 
thousands, if not millions, of key pairs. IBIP vendors were charged for each key pair 
certified by the USPS CA. The cost, $8.00 US, was substantial for a PC postage service that 

1 0 had a price point as low as $ 1 .99/month. Furthermore, the USPS had to mauitain the 

database of public keys, deal with the revocation and reissuing of public keys as they expired, 
and handle other issues associated with the PKI. 

In 1998, the inventor suggested another approach to key management in centralized 
postage systems, which is disclosed in U.S. Patent No. 6,005,945, Stated briefly, this 

1 5 approach uses a smgle key pair to service the entire user community for a given centralized 
postage vendor. The key pair might change daily, weekly or monthly for security reasons, 
but the net effect would be that only dozens of keys would be employed as compared to 
millions. We hasten to reiterate that this approach is feasible only when the postage indicia 
are created at the centralized server cluster run by the postage vendor. That is, the safety of 

20 the private key can be assured since it is in tiie possession of the trusted postage vendor, and 
not the end user. It should be noted that even the centralized system postage vendor does not 
have direct knowledge of the private key material. USPS design guidelines require that 
private key material can only be presented "ui the clear" within the confines of a FIPS-140 
coprocessor device at the centralized server cluster. This is to prevent "insider attacks" from 

25 compromising the private signing key material. 

Distributed-architecture IBIP systems that use a local 'Vault" attached to a PC at an 
end user's site, or newer stand-alone meters that create signed IBIP-like indicia, must 
continue to have a unique, dedicated key pair in each remote PSD. If a single key pair was 
used, and an end user compromised just one of those devices, that key could be distributed 
30 widely and used to create millions of firaudulent postage indicia. 

In 1Q2001, the USPS permitted the inventor to institute the key management plan 
under a three-month beta test, and later oflBcially notified all IBI centralized postage vendors 
that they too could employ this approach. The net result is there will be far fewer public keys 
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to maintain for the USPS verification operations, and it is considerably more practical to 
pe .-m stand-alone verification. Despite these improvements, the inventor beheves that the 
sta. i-alone verification system can be eliminated without degrading postage security. 

Another problem with the self-verifying IBI indicium concept is that it does a poor 
5 job of protecting against the fraudulent use of copies of valid postage indicia. DupUcate mail 
pieces have the potential to create substantial dollar losses to the USPS, particularly when 
high postage value packages are involved. Let us consider the following fraud scenario. A 
shipper has 70 pounds of goods to ship to a cUent, and he wishes to use Priority Mail. 
Roughly speaking, the USPS charges about $110 to transport 70 pounds cross-country via 
10 Priority Mail. If the goods can be subdivided into smaller packages, the shipper could easily 
perform the following attack. The shipper would create a postage-bearing shipping label for 
35 pounds (approximately $52 in postage). The shipper would then create a second copy of 
this label, either by usmg a photocopy process, by interrupting the printer in mid-stream, 
causing it to think it must reprint a second version from the data in the printer memory, or by 
15 usmg a commonly available software package, such as Adobe Exchange, to create a PDF 
image of the label (rather than a print image), and then to print the resulting PDF image file 
more than once. Note that PC-based postage indicia do not use any special mks (such as the 
fluorescent-traced red ink used in conventional postage meters), so they are particularly easy 
to replicate. The shipper would then divide the shipment into two 35-pound cartons and 
20 apply a postage label to each carton (one an original, and the other a copy). 

This would effectively defraud the USPS of over $50. If a USPS inspector happened 
to intercept either package and perform a scan of the barcode portion of the postage indicium, 
the information would be consistent on each label. The amount of postage in human-readable 
and barcode format would match. The date would be reasonable. The destination ZIP +4+2 
25 would match that on the physical destination address. The only way the verifier could detect 
the fraud is by intercepting both packages simultaneously and scanning them side-by-side. 
The inspector would hopefiiUy notice that the ascending/descendmg balances (c.f. items 5 
and 11 in Table 1) were the same in each indicium — a. clear indication of fraud. 

The USPS has seemingly discounted the impact of "copy fraud." The USPS 
30 recognizes that, as with conventional postage, it can only perform spot statistical testing on 
the mail stream. But the USPS has also been somewhat "envelope-centric" in their thinking. 
That is, the USPS feels that an attacker would find Uttle value in sending two envelopes to the 
same destination, and that the dollar amount of fraud would be on the order of 34 cents. The 
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inventor believes that the future of PC-based postage is not with envelopes, but with high 
value, expedited packages. Letter mail (e.g., correspondence, statements, and invoices) is 
being rq)idly replaced with electronic communications, and in the not-too-distant future, 
packages will dominate the USPS environment. This trend is likely to be accelerated given 
5 the anthrax attacks of 3Q2001. Therefore, it is beUeved that the USPS is underestimating the 
dollar value of this fraud threat. The inventor believes that by modifying the postage 
indicium as discussed herein, copy fraud can be further reduced if not effectively eliminated. 

This is an appropriate time to discuss the "uniqueness" of the information in indicia. 
As we have seen in the previous example, using the digitally signed ZIP+4+2 and cross 
10 checking this value with the ZIP+4+2 shown in the human readable address, is not a fool 
proof method to detect copy fraud. The ZIP+4+2 of a given delivery address is something 
that can appear in an indicium for a given account holder on many occasions. Insofar as the 
indicium is concerned it is not a particularly unique value. What is unique in the originally 
proposed and used USPS indicmm as the combination of the account number, the ascending 
15 register, and the descending register (balance) for that account. For instance, the , 
concatenation of these three values should always result in a unique numerical string in an 
indicium. Put another way, if one finds two indicia with the identical concatenated value, this 
is clear evidence that at least one indicium is fraudulent 

The descending register in a given postage account is simply the amount of postage 
20 available to create indicia. It is effectively the "remaining balance". The ascending register 
is the lifetime sum of all postage indicia created within that account. When an indicium is 
created, the descending register is decremented by the indicium value and the ascending 
register is incremented. EventuaUy.themeteraccountwiUrunoutoffimds (the descending 
register approaches zero) and the account hold can purchase more postage from the postal 
25 authority. A postal purchase results in a matching increase in the descending register. The 
ascending register is not impacted by a postage purchase. 

One can see that for a given account, a given descending register (say $5.00) may 
occur many times over the Ufetime of the account. However, a situation where the ascending 
register is $505 and the descending register is $104 will only occur once (if at all) in a given 
30 account lifetime. This is because the ascending register is ever increasing as the Ufe of the 
meter goes on. 
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The USPS has based some portion of its fraud detection protocol on the •♦uniqueness" 
provided by the ascending/descending register combination for a given account. But as an 
index for uniqueness, this is a poor choice from an operation standpoint. The combination of 
the two register values does not result in a continuous number series. The registers are 
tracked to Ihe 1/10* of a cent (a mil), and a typical minimum change in the register values is 
340 mils (a 34 cent First Class postage indicium). The next indicium might be a high- 
postage-value package and result in a register change of 20000 mils ($20,00). Again, the 
combination of ascending/descending registers will be unique for a given account, but this 
"index of uniqueness" is far from optimal. The index wiU have large gaps in the number 
sequence, and the gap sizes will be variable. 

A seventh problem that has contributed to the failure of the IBIP is the assumption 
that all printing-related problems could be controlled by "perfect" vendor software and 
therefore, a staunch refiisal to offer a refimd procedure for failed or partially-printed mail 
pieces. It should be stressed that PC-postage is different from printing otiier types of 
shipping labels (e.g., UPS or FedEx) in that misprints are, in effect, losses of "money." If a 
shipper misprints a UPS shipping label from a shipping software package or web site, another 
one can be reprinted and placed on the package with no negative financial impact to the 
shipper. This is because the UPS business model charges the shipper when die package 
enters the UPS shipping stream and is scamied. The UPS label has no inherent "value" until 
it enters the UPS delivery system. The USPS, however, as do many postal agencies 
worldwide, assumes that the postage is paid before the package enters the shipping stream. 

The current USPS refund procedures for misprinted mail pieces are overly strict and 
reflect a mindset formed over decades of supporting conventional meter technologies. 
Refunds are possible, but only if one presents a physical specimen. For instance, if a mailer 
creates a meter strip using a conventional postage meter (or prints the postage indicium 
directly on a mail piece), and decides not to use tiiat postage indicmm. the postage indicium 
can be taken to a local post office for a refund of anywhere from 90% to 100% of the postage 
value. 

For PC-postage vendors, the procedures are somewhat different, although the criteria 
are the same. If the PC-postage user creates a readable mail piece (specifically, the postage 
indicium must be scannable), it may be submitted to the PC-postage vendor for a refund. TTie 
vendor, in turn, appHes to the USPS for a refimd. The overall process is complex, time- 
consummg, and very costiy to operate. It also requires that USPS auditors make field visits 
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to the PC-postage vendors to examine aU of the physical specimens before the refund can be 
authorized. 

If the end-user is xmlucky enough to have attempted to print a mail piece that resulted 
in a deduction to the accoimt balance, but has no physical evidence of this mail piece, the 
5 current USPS rules prohibit a refund. Unfortunately, this situation is not uncommon. The 
mail piece stock (e.g., label or envelope) can misfeed, causing only a portion of the indicimn 
to print on the paper. Or if the PC is low on Ghraphic Display Interface (GDI) or memory 
resources, or has crashed for any reason, the printer driver may fail to render the two- 
dimensional barcode image. Or if the job is sent to a network printer, it is possible that 
10 another user/operator can flush the PC-postage print job by manipulating the printer queue or 
control panel, thus resulting in the unavailability of the specimen. 

As discouraging as all the IBIP-related problems may seem, the inventor feels that 
PC-postage can be made viable by incorporating novel, yet easily implementable, design 
elements into the IBIP base design 

15 SUMMARY OF THE INVENTION 

The inventions provide improvements in detecting postage fraud using a unique mail 
piece indicium, reducing the size of postage indicia, and/or refunding postage. 

A first improvement of an improved postage system aud method uses a unique 
character string, such as, e.g., a tracking ID to, among other things, facilitate the detection of 

20 copy fraud. This tracking ID can be associated with a postage indicium and digitally signed 
to provide for a self-vaUdating, unique postage indicium. The self-vaUdating postage 
indicium can then be applied to a mail piece, e.g., a package, which may then be processed 
from the sender to the recipient through a postal authority, e.g., the USPS. For example, 
during the delivery process for the mail piece, the postal authority can scan all of the postage 

25 indicium or simply spot check samples. Once a given indicium's digital signature is 

validated by the postal authority using, e.g., PKI methods, the unique string contained within 
the indicium, can be used in a variety of ways for fraud detection. 

For package mail that contains a unique delivery tracking ID, the ideal unique 
character string for the indicixmi is the tracking ID itself If 100% of the packages bearing a 
30 postage indicium have this postage indicium scanned, the tracking ID within the unique 
postage indiciimi can be compared in a computer operated by the postal authority to the 
tracking ZD's in all other scanned and recorded postage indicia to ensure that the tracking ID 
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is indeed unique and has not been dupUcated. If the self-validating postage indicia on tracked 
mail pieces are only spot-checked, the tracking E) obtained from the validated postage 
indicium can be compared to a standard tracking ID found elsewhere on the mail piece in, 
e.g., human readable and/or barcode form. 
5 Unlike the two dimension IBI postage indicia barcodes, these standard tracking ID's 

(which are generally represented in simpler one dimensional barcodes, such as Code 128, 
Code 39, etc) are typically scanned 100% of the time. This scanning is a result of the normal 
processing that the postal authority implements to keep track of mail pieces (typically 
packages), and thus any copyist that duplicates the postage indicium would not be able to 
1 0 correspondingly copy the standard tracking ID's without detection of duplicated tracking ID's 
or at least a tracking ID that is outside a normal range of tracking ID's. Thus, a comparison 
between the tracking ID found in the self-vaUdatiag postage indicium and the standard 
trackmg ID would reveal a discrepancy and thus possible fraud. This approach would be 
very effective in tiie case of two packages gomg from the same sender to the same destination 
15 . address. While both packages would have Ihe same delivery ZIP+4+2 (a potential copy 

attack described earUer in this specification), the packages would have different fracking ID's. 
The copyist would be finther frustrated in his attempt to copy an existing vaUd indicium and 
fracking ID p^r, and use that matched pair on anotiier package altogether. This type of fraud 
would very likely be detected by the routine delivery scans of the fracking ID performed by 
20 die postal authority. 

In accordance with a first, separate aspect of this first improvement, an improved 
method of providing a unique postage mdicium within a postal system (e.g., the USPS) is 
provided. The method comprises generating a unique postage indicium having a character 
string (such as, e.g., a fracking ID) that is unique within the postal system. The fracking ID 
25 can be obtained from a single database to ensure its uniqueness. In addition to the unique 
tracldng ID, the postage indicium can contain a numba: of other items, such as, e.g., indicia 
version number, algorithm identification, certificate serial number, device identification, 
ascending register, postage, date of mailing, originating zip code, software identification, 
descending register, and rate category. The method further comprises deriving a digital 
30 signature from the vinique fracking ID, and associating the digital signature with the unique 
postage indicium to generate a self-vaUdating unique postage indicium. In the preferred 
method, the digital signature is generated by applying a private key to the unique postage 
indicium. The digital signature is then attached, e.g., by appending, to the unique postage 
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indicium. This self-validating imique postage indicium can then be ^plied to a mail piece 
(such as, e.g., a package or envelope) in a barcode fomiat. The unique tracking ID can also 
be applied to the mail piece independently of the self-vaUdating unique postage indicium, as 
is the typical case with tracked packages. 

5 In accordance with a second separate aspect of this first improvement, a method of 

detecting postal firaud in a postal system (such as, e.g., the USPS) is provided. The method 
comprises receiving a plurality of mail pieces within the postal system, each carrying a self- 
validating postage indicium having a character string (such as, e.g., a tracking ID) and a 
digital signature derived firom a data stream that includes die tracking ID, and optionally 
1 0 other postage-related data. 

The method further comprises reading each self-validating postage indicium to obtain 
the postage indicium and digital signature, validating each postage indicium by determining 
if the digital signature is consistent with the tracking ID, and if applicable, the associated 
indicium data, and comparing all of the tracking ID's obtained system-wide fi-om the postage 
1 5 indicia. Thus, postal firaud can be detected if two of the unique character strings (e.g. 
tracking ID's) match. In the preferred method, each self-validating postage mdicium is 
embodied in a two dimensional barcode format tliat can be read with a barcode reader. Each 
digital signature can be generated with a private key, in which case, the postage indicium 
authentication comprises applying a corresponding public key to each digital signature. 

20 In accordance with a third separate aspect of this first improvement, a method of 

detecting postal firaud in a postal system (such as, e.g., the USPS) is provided. The method 
comprises receiving a mail piece within the postal system, wherein die mail piece carries a 
self-validating postage indicium having a character string (such as, e.g., a tracking ID), and a 
digital signature derived firom a data stream that includes the tracking ID, and optionally 

25 other postage-related data. The mail piece finrther carries an expected representation of the 
same tracking ID independent of the self-validating postage indicium. It is customary that 
this latter representation consists of a human readable string plus a one-dimensional barcode 
representation of that string. The method fiirther comprises reading the self-validating 
postage indicium to obtain the postage indicium data and associated digital signature, 

30 validating the postage indicium data by determining if the digital signature is consistent with 
the tracking ID, and comparing the validated tracking ID obtained firom the postage indicium 
to the tracking ID found elsewhere on the mail piece. Thus, postal firaud can be detected if 
the tracking ID obtained from the postage indicium does not match the expected 
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representation of the tracking ID found elsewhere on the mail piece, mdicating that the 
postage indicium has been dupUcated. Postal fraud can further be detected if two or more of 
the tracking ID's found on two or more mail pieces miatch each other, indicating that the 
tracking ID's have been duplicated to match the dupUcated postage indicium, hi the preferred 
5 method, each self-validating postage indicium is embodied in a barcode format that can be 
read with a barcode reader. Each digital signature can be generated with a private component 
of a key pair, in which case, the postage indicium authentication comprises applying a 
corresponding pubUc key to each digital signature. 

In accordance with a fourth separate aspect of this first improvement, a method of 
10 providing postage indicia for use m a postal system is provided. The method comprises 

generatmg a pluraHty of unique postage indicia having a pluraUty of character strings (such 
as, e.g., tracking ID's) unique wifliin flie postal system, generatmg a pluraUty of digital 
signatures of the pluraUty of unique tracking ID's, and generating a pluraUty of self-vaUdating 
unique postage indicia by associating the pluraUty of digital signatures with the pluraUty of 
15 ur.'que postage indicia. 

In one preferred method, all of these steps are performed in a centralized postage- 
issuing computer system that services a pluraUty of user accounts. In this case, the method 
can further comprise receivmg a pluraUty of postage indicium requests at the centralized 
postage-issuing computer system from a pluraUty of end user computers, processmg the 
20 requests at the centraUzed postage-issuing computer system, and transmittmg the resulting 
self-vaUdatmg unique postage mdicia from the centraUzed postage-issumg computer system 
to the end user computers. The postage indicium requests may be embodied in a variety of 
formats, but in the preferred method are embodied in smgle data streams. The centraUzed 
postage-issuing computer system can obtain the unique tracking numbers from various 
25 sources, but in the preferred method are obtained either mdirectly from a master tracking 
computer system via the end user computers or directly from the master trackmg computer 
system. In another preferred method, all of these steps are performed in the end user 
computers, in which case, the tracking numbers can be obtained durectly from, the master 
tracking computer system. 
30 hi accordance with a fifth s^arate aspect of this first unprovement, a method of 

providmg a postage indicium for use m a postal system (such as, e.g., USPS). The method 
comprises receiving a unique identifier request from an end user computer, and transmitting a 
vmique identifier (such as, e.g., a tracking number) to the end user computer in response to the 
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unique identifier request The unique identifier may take a variety of forms, e,g., a single 
unique character string such as a tracking number, or two or more character strings such as a 
postage vendor ID, user account number, and piece count. The method further comprises 
receiving a postage indicium request fi:om an end user computer, generating a unique postage 
5 indicium carrying the luiique identifier, deriving a digital signature firom the unique identifier, 
generating a self-vahdatmg unique postage indicium by associating the digital signature with 
the unique postage indicium, and transmitting the self-validating unique postage indicium 
independently from the unique identifier. The unique identifier and self-vahdating postage 
indicium can then be applied to a mail piece by the end user computer. 

10 In one preferred method, all of tlie steps are performed in a centralized postage- 

issuing computer system that services a plurality of user accounts. In this case, the method 
can further comprise transmitting another unique identifier request firom the centralized 
postage-issuing computer system to the master tracking computer system in response to 
receipt of the vmique identifier request from the end user computer, and receiving the unique 

15 identifier at the centralized postage-issuing computer system from a master tracking 
computer system. Alternatively, the received unique identifier can be stored in the 
centralized postage-issuing computer system prior to receiving the xmique identifier request 
from the end user computer. In another preferred method, all of the steps are performed in 
the centraUzed postage-issuing computer system, with the exception of the receipt of the 

20 unique identifier request and the transmission of the unique identifier, which are performed in 
the master tracking computer system. In this case, the xmique identifier received by the end 
user c^puter is transmitted to the centralized postage-issuing computer system. 

In accordance with a sixth separate aspect of this first improvement, a postage indicia 
generation system for implementation with a postal system is provided. The system 

25 comprises an end user computer, a centralized postage-issuing computer system, and a 

communications link connecting the end user computer with the centralized postage-issuing 
computer system. The end user computer is configured for transmitting a postage indicium 
request to the centralized postage-issuing computer system over the communications link, 
and the centralized postage-issuing computer system is configured for generating and 

30 transmitting a self-validating unique postage indicium to the end user computer over the 

commxmications link. The self-validating unique postage indicium contains a character string 
(such as, e.g., a tracking ID) unique to the postal system and a digital signature that is derived 
from the tracking ID, and optionally other postage-related data. 
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In a preferred embodiment, the system may further include a master tracking 
computer system and another conmiimications Unk that connects the centralized postage- 
issuing computer system with the master tracking computer system. In this case, the master 
tracking computer system can be configured for transmitting the tracking ID to the 
5 centralized postage-issuing computer system over the other communications link. The 
tracking ID may be transmitted to the centralized postage-issuing computer system in 
response to a unique identifier request from the centralized postage-issuing computer system, 
or alternatively may be periodically transmitted to the centralized postage-issuing computer 
system with a pool of unassigned tracking BD's, which are then stored in a database prior to 

10 receiving the postage indicium request from the end user computer. In another preferred 

embodiment, the system may further include a master tracking computer system and another 
commimications link that coimects the master tracking computer to the end user computer. In 
this case, the end user computer can be configured for transmitting a unique identifier request 
to the master tracking computer system over the other communications link, for receiving the 

15 unique character string from the master tracking computer system over the other 

commimications link, and for transmitting the unique character string to the centralized 
postage-issuing computer system over the communications link. 

In accordance with a seventh separate aspect of this first improvement, a centralized 
postage-issuing computer system for issuing postage indicia within a postal system is 

20 provided. The centraUzed postage-issuing computer system comprises data processing 

circuitry, a database storing a pluraUty of user accounts, and a communications module, when 
executed by the data processing circuitry, configured for receiving a postage indicium request 
from an end user computer. In a preferred embodiment, the communications module may 
fiirther be configured for transmitting the self-vaUdating unique postage indicium to the end 

25 user computer, and for receiving the tracking ID from a master tracking computer system, or 
alternatively from the end user computer. 

The centralized postage-issuing computer system fiirther comprises a postage 
indicium generation module, when executed by the data processing circuitry, configured for 
generating a self-vaHdating unique postage indicium in response to the postage indicium 
30 request. The self-validating unique postage indicimn contains a character string (such as, 
e.g., a tracking ID) unique to the postal system and a digital signature derived from the 
unique tracking ID. hi generating the postage indicium, the postage indicium generation 
module may comprise a unique postage indicium generation submodule for generating the 
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unique postage indicium, a digital signature generation submodule for generating the digital 
signature, and an association submodule for associating the digital signature with the unique 
postage indicia to generate the self-vaUdating unique postage indicium. 

A second improvement uses an indexing identifier (such as, e.g., a tracking ID or the 
5 combination of a postage vendor ID, user account, and piece count) to decrease the size of the 
postage indicium transmitted to an end user computer, or eliminate transmission of the 
postage indicium altogether. When the postage indicium for the end user computer is 
generated, it is stored, and the indexing identifier, rather than the postage indicium, is 
transmitted to the end user computer. The indexing identifier is applied to a mail piece, 
10 which is then scanned by the postal authority. The postal authority can obtain the stored 

postage indicium by reference to the indexing identifier. In this manner, the postal authority 
has access to the postage indicium without having to apply it to the mail piece. 

In accordance with a first separate aspect of this second improvement, a method of 
indexing a postage indicium wifliin a centralized postage-issuing computer system having a 

1 5 pliurality of user accounts is provided. The method comprises generating a postage indiciimi 
associated with a mail piece, associating an indexing identifier with the postage indicium, and 
storing the indexed postage indicium within a database. The indexing identifier can be 
embodied in a variety of forms, but in the preferred method is unique within a postal service 
(such as, e.g., the USPS) and comprises a postage vendor ID, user account number, and piece 

20 count, or alternatively, a unique tracking ID. The postage indicium may comprise a variety 
of items, such as, e.g., postage amount, date and time of postage information creation, service 
class, optional data advance, and delivery zip code. 

To protect the integrity of the postage indicium stored in the centralized postage- 
issuing computer system, the method preferably comprises deriving a digital signature firom 

25 the postage indicium, associating the digital signature with the postage indicium to generate 
an indexed self-validating postage indicium, and storing the indexed self-validating postage 
indicium within the centralized postage-issuing computer system. The digital signature may 
be generated by applying a private key to the postage indicium, and the digital signature can 
be associated with the postage indicium by attaching it thereto. The digital signing of the 

30 postage indicium can be further protected using a physically secure coprocessor device to 
perform this operation. 
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In the preferred method, an indexing identifier request is received jfrom an end user 
computer, and the indexing identifier is transmitted to the end user computer. The indexing 
identifier can then be applied to a mail piece. When the mail piece is being inspected by the 
postal authority, the method may fiurther comprise receiving a postage indicium request 
5 containing the indexing identifier firom the postal authority, retrieving the indexed postage 
indicium firom the database based on the received indexing identifier, and transmitting the 
indexed postage indicium to the postal authority. 

In accordance with a second separate aspect of this second improvement, a method of 
validating postage for a postal service is provided. The method comprises generating a 

10 postage indicium associated with a mail piece, associating an indexing identifier with the 
postage indiciimi, and storing the indexed postage indiciiun within a database. The method 
fiirther comprises applying the indexing identifier to the mail piece, reading the indexing 
identifier on the mail piece, and retrieving the indexed postage indicium firom the database 
based on the indexing identifier. The indexing identifier can be applied to the mail piece in a 

15 variety of formats, but in the preferred method is applied in a barcode format (such as, e.g., a 
two-dimensional barcode or even a one-dimensional barcode), and read using a barcode 
reader, or applied in a human-readable format, and read using an optical character reader. 

In accordance with a third separate aspect of this second improvement, a centralized 
postage-issuing computer system for indexing postage indicia for a plurality of user accounts 

20 within a postal system is provided. The centralized postage-issuing computer system 

comprises data processing circuitry, a database, a postage indicium generation module, when 
executed by the data processing circuitry, configured for generating a postage indicium, an 
indexing module, when executed by the data processing circuitry, configured for associating 
an indexing identifier with the postage indicium, and a database management module, when 

25 executed by the data processing circuitry, configured for storing the indexed postage 
indicium within the database, and for retrieving the indexed postage indicium fi^om the 
database based on the indexing identifier. 

The postage indicium may be self-vaUdating. In generating the self-validating 
postage indicium, the postage indicium generation module may comprise a postage indicium 
30 generation submodule for generating the postage indicium, a digital signature generation 

submodule for generating the digital signature; and an association submodule for associating 
the digital signature with the postage indicium to generate the self-validating indexed postage 
indicium. To provide additional security, key cryptographic operations may be accomplished 

18 



BNSDOCID: <WO__03044620A2_L> 



wo 03/044620 PCTAJS02/33024 

by means of a physically secure coprocessor device. In the preferred embodiment, the 
centralized postage-issuing computer system comprises a communications module, when 
executed by the data processing circuitry, configured for receiving an indexing identifier 
request from an end user computer, and for transmitting the indexing identifier to the end user 
5 computer. The communications module may also be for receiving a postage indicium request 
containing the indexing identifier from a postal authority, and for transmittmg the retrieved 
indexed postage indicium to the postal authority. 

In accordance with a fourth separate aspect of this second improvement, a method of 
validating postage in a postal system is provided. The method comprises receiving a postage 

10 indicium request from a postal authority (such as, e.g., the USPS), wherein the postage 

indicium carries an indexing identifier and is associated with a mail piece inspected by the 
postage authority. The method further comprises retrieving an indexed postage indicium 
from a database based on the received indexing identifier, and transmitting the postage 
indicium to the postal authority. The indexed postage indicium may be self-vaUdating 

15 postage indicium that is created within a physically secure coprocessor device. As such, 
these signed indicia may be safely stored in a conventional database for later access and 
signature verification. 

In accordance with a fifth separate aspect of this second improvement, the indexing 
identifier can be used to request and receive sender identification information to verify that 
20 the sender of a received mail piece is a trusted individual or entity. 

A third improvement uses a tracking ID to facilitate the refimding of unused postage, 
friformation for a postage transaction, along with the tracking ID and an associated delivery 
status, is stored. This delivery status is updated when the mail piece carrying the tracking ID 
is deUvered. Unused postage can be confirmed by retrieving the stored postage transaction 
25 information and determining from that whether there are dupUcative postage transactions. 
The delivery statuses for the duplicative postage transactions can then be reviewed to 
determine whether the mail pieces associated with these postage transactions have been 
delivered. If not, one of the postage transactions may be refimded. 

In accordance with a first separate aspect of this third improvement, a method of 
30 refunding postage is provided. The method comprises storing information for a postage 
transaction in a database, wherein the postage transaction information comprises a tracking 
ID and an associated delivery status. The postage transaction information may also comprise 
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a postage transaction date, postage transaction time, destination zip code, service class, 
postage amount, and mail piece wei^t. The method further comprises receiving a postage 
refund inquiry, e.g., from an account administrator or the end user, and retrieving the postage 
transaction information from the database in response to the postage refund inquiry. A 
5 postage may then be refunded based on the retrieved postage transaction information. For 
example, the postage may be refunded only if the retrieved delivery status indicates that a 
mail piece associated with the tracking ID has not been delivered, and not refunded if the 
retrieved delivery status indicates that a mail piece associated with the tracking ID has been 
delivered. The postage transaction information may be displayed to facilitate flie refunding 
10 process. In the preferred method, confirmatory delivery status information associated with 
the tracking ID is received from, e.g., a postal authority, and the delivery status in the 
database is updated with the confirmatory delivery status information. 

In accordance with a second separate aspect of this third improvement, a method of 
refimding postage is provided. The method comprises storing mformation for a plurality of 

15 postage transactions in a database, wherein the information for each postage transaction 
comprises a tracking ID, postage transaction date, and delivery status associated with the 
tracking ID. In the preferred method, confirmatory delivery status information associated 
with the plurality of tracking ID's may be received from a postal authority, and the plurality 
of delivery statuses in the database may be updated with the confirmatory delivery status 

20 information. The method further comprises associating the stored postage transaction 

information with a user account, receiving a postage refund inquiry for the user account (e.g., 
from an account administrator or end user), and retrieving the postage transaction information 
from the database in response to the postage refund inquiry. The method further comprises 
refunding the postage for a first postage transaction only if the delivery status for the first 

25 postage transaction indicates that a mail piece associated with the tracking ID for the first 

postage transaction has not been delivered, and the postage transaction dates for the first and 
second postage transactions are the same. The information for each postage transaction may 
comprise a destination zip code, service class, and postage amoimt, in which case, the postage 
may be refunded only if the destination zip codes, service classes, and postage amounts for 

30 the first and second postage transactions are the same. 

In accordance with a third separate aspect of this third improvement, a method of 
providing status for a pluraUty of mail pieces tracked by a postal authority is provided. The 
method comprises storing information for a plmraUty of postage transactions in a database, 
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wherein the information for each postage transaction comprises a tracking ID and an 
associated delivery status. The method further comprises receiving confirmatory delivery 
status information from the postal authority, and updating the pluraUty of delivery statuses in 
the database with the confirmatory delivery status information. In the preferred method, the 
5 stored postage transaction information is associated with a plurality of user accounts. 

In accordance with a fourth separate aspect of this third improvement, a centralized 
postage-issuing computer system for providing status for a plurality of mail pieces tracked by 
a postal service is provided. The centralized postage-issiiing computer system comprises data 
processing circuitry, a database, a communications module, when executed by the data 

10 processing circuitry, configured for receiving confirmatory delivery status information firom a 
master tracking computer system, and a database management module, when executed by the 
data processing circuitry, configured for storing information for a plurality of postage 
transactions in a database. The information for each postage transaction comprises a tracking 
ID and an associated delivery status. The database management module is further configured 

1 5 for updating the delivery status with the confirmatory deUvery status information. The 
database management module may further associate the stored postage transaction 
information with a plurality of user accounts. In the preferred embodiment, the central 
computer comprises a delivery status request module, when executed by the data processing 
circuitry, configured for generating a request for the confirmatory delivery status information. 

20 In this case, the conmiunications module may transmit the request to the master tracking 
computer system. 

In accordance with a fifth separate aspect of this third improvement, a method of 
determining whether issued postage has been used is provided. The method comprises 
storing information for a pluraUty of postage transactions in a database, wherein the 

25 information for each postage transaction comprises one or more postage transaction items 
(such as, e.g., a postage transaction date, destination zip code, service class, and postage 
amount), a tracking ID and an associated deUvery status. The method further comprises 
associating the postage transaction information with a user account, receiving an inquiry for 
duplicative postage transactions firom, e.g., an account administrator or end user, retrieving 

30 the postage transaction information from the database, selecting the postage transactions in 
which the one or more postage transaction items are identical, and determining if any of the 
delivery statuses for the selected postage transactions indicate that a mail piece has been 
delivered. The method may further comprise determining that issued postage is unused if any 



21 



BNSDOCID: <WO ^03044620A2_I_> 



wo 03/044620 PCT/US02/33024 

of the delivery statuses for the selected postage transactions indicate that a mail piece has 
been delivered. In the preferred method, confirmatory delivery status information is received 
from, e.g., a postal authority, and the delivery statuses in the database are updated with the 
confirmatory delivery status information. 

5 In accordance with a sixth separate aspect of this third improvement, a centralized 

postage-issuing computer system for determining whether issued postage has been used is 
provided. The centralized postage-issuing computer system comprises data processing 
circuitry, a database, a communications module, when executed by the data processing 
circuitry, configured for receiving an inquiry for duplicative postage transactions, and a 

10 database mauagement module, when executed by the data processing circuitry, configured for 
storing information for a plurality of postage transactions in a database, and associating the 
postage transaction information with a user account. The centralized postage-issuing 
computer system further comprises a filtering module, when executed by the data processing 
circuitry, configured for selecting tiie postage transactions in which the one or more postage 

15 transaction items are identical, and determining if any of the delivery statuses for the selected 
postage transactions indicate that a mail piece has been delivered. In the preferred 
embodiment, a filtering module is further configured for determining that issued postage is 
unused if any of the delivery statuses for the selected postage transactions indicates that a 
mail piece has been delivered. The communications module may further be for receiving 

20 confirmatory delivery status information, and the database management module may further 
be for updating the delivery statuses with the confirmatory delivery status information. 

Other and further aspects and features of the inventions will become apparent from 
the following drawings and detailed description. The inventions do not require the presence 
of all of the separate aspects or all of the separate improvements. Thus, the inventions may 
25 combine any one or more of the separate aspects, as well as combine any one or more of the 
separate improvements. 

BRIEF DESCRIPTION OF THE DRAWINGS 

In order to better appreciate how the above-recited and other advantages and objects 
of the present inventions are obtained, a more particular description of the present inventions 
30 briefly described above will be rendered by reference to specific embodiments thereof, which • 
are illustrated in the accompanying drawings. Understanding that these drawings depict only 
typical embodiments of the invention and are not therefore to be considered limiting of its 
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scope, the invention will be described and explained with additional specificity and detail 
through the use of the accompanying drawings in which: 

Fig. 1 is top view of a prior art IBIP mail piece; 

Fig. 2 is a top view of a USPS Priority Mail postage label constructed in accordance 
5 with the present inventions; 

Fig. 3 is a block diagram of a first postal system constructed in accordance with the 
present inventions, wherein the first postal system utilizes unique tracking ID*s to detect 
postal copy fraud; 

Fig. 4 is a block diagram of an end user computer used in tiie first postal system of 

10 Fig. 3; 

Fig. 5 is a block diagram of a centralized postage-issuing computer system used in the 
first postal system of Fig. 3; 

Fig. 6 is a block diagram of another centralized postage-issuing computer system used 
in the first postal system of Fig. 3; 
15 Fig. 7 is a block diagram of a master tracking computer system used in the first postal 

system of Fig. 3; 

Fig. 8 is a block diagram of a postage validation computer system used in the first 
postal system of Fig. 3; 

Fig. 9 is a flow diagram illustrating a procedure for indirectly issuing a tracking ID 
20 from the master tracking computer system of Fig. 7 to the end user computer of Fig. 4 via the 
centralized postage-issuing computer system of Fig. 5; 

Fig. 10 is a flow diagram illustrating a procedure for issuing a tracking ID from the 
centraUzed postage-issuing computer system of Fig. 6 to the end user computer of Fig. 4; 

Fig. 1 1 is a flow diagram illustrating a procedure for downloading xmassigned 
25 tracking ID's from the master computer tracking system of Fig. 7 into the centraUzed postage- 
issuing computer system of Fig. 6 and for uploading postage information from the centraUzed 
postage-issuing computer system to the master tracking computer system; 

Fig. 12 is a flow diagram illustrating a procedure for directly issuing a tracking ID 
from the master tracking computer system of Fig. 7 to the end user computer of Fig. 4; 
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Fig. 13 is a flow diagram illustrating a procedure for dispensing a self-validating 
unique postage indicium from the centralized postage-issuing computer system of Figs. 5, 6, 
or 33 to the end user computer of Fig. 4; 

Fig. 14 is a flow diagram illustrating a procedure for vaUdating the postage on a mail 
5 piece using the postage validation computer system of Fig. 8; 

Fig. 15 is a block diagram of a second postal system constructed in accordance with 
the present inventions, wherein the second postal system utilizes indexing identifiers to 
reduce or eliminate the size of the postage indicium; 

Fig. 16 is a block diagram of an end user computer used in the second postal system 
10 of Fig. 15; 

Fig. 17 is a block diagram of a centralized postage-issuing computer system used in 
the second postal system of Fig. 15; 

Fig. 18 is a block diagram of a postage validation computer system used in the second 
postal system of Fig. 15; 

15 Fig- 19 is a top view of an indexing identifier represented as a two-dimensional 

barcode; 

Fig. 20 is a top view of an indexing identifier represented as a one-dimensional Code 
128 barcode; 

Fig. 21 is a top view of an indexing identifier represented as a one-dimensional 
20 POSTNET or PLANET barcode; 

Fig. 22 is a top view of an indexing identifier represented as numerical data; 

Fig. 23 is a flow diagram illustrating a procedure for indexing a postage indicium and 
applying an indexed identifier to a label; 

Fig. 24 is a flow diagram illustrating a procedure for validating the postage on a mail 
25 piece using the indexed identifier; 

Fig. 25 is a block diagram of a third postal system constracted in accordance with the 
present inventions, wherein tiie tiiird postal system utilizes a tracking ID to facilitate 
refimding of unused postage; 

Fig. 26 is a depiction of a display showing flie results of a refimd eUgible inquiry 
30 performed in the third postal system of Fig. 25; 
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Fig. 27 is a depiction of a display showing the results of an audit review performed in 
the third postal system of Fig. 25; 

Fig. 28 is a depiction of a display showing the results of a refund pattern audit 
performed in the third postal system of Fig. 25; 

5 Fig. 29 is a block diagram of a centralized postage-issuing computer system used ui 

the third postal system of Fig, 25; 

Fig. 30 is a block diagram of a master tracking computer system used in the third - 
postal system of Fig. 25; 

Fig. 31 is a flow diagram illustrating a procedure for accimaulating and updating 
10 postage transaction information stored in the centralized postage-issuing computer system of 
Fig. 29; 

Fig. 32 is a flow diagram illustrating a procedure for issuing a refund within the 
centralized postage-issuing computer system of Fig. 29; 

Fig. 33 is a block diagram of still another centralized postage-issuing computer 
15 system used in the first postal system of Fig. 3; 

Fig. 34 is a depiction of a display prompting a mail recipient to enter a tracking ID as 
a sender identification request; 

Fig. 35 is a depiction of a display showing sender identification information; 

Fig. 36 is a depiction of a mail recipient computer for displaying the information of 
20 Figs. 34 and 35; and 

Fig. 37 is a flow diagram illustrating a procedure for verifying a sender of a received 
mail piece. 

DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS 

25 The present invention is directed to a postage indicia tracking system for generating 

self-validating xmique postage indicia that can be validated by a postal authority (such as, 
e.g., the United Stated Postal Service (USPS), United Parcel Service (UPS), Federal Express 
(FedEx), etc.) for various purposes (such as, e.g., detecting copy fraud, postage 
counterfeiting, refund facilitation, etc.). 
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Referring to Fig. 2, a USPS Priority Mail postage label 200 generated in accordance 
with the present inventions can be used in a high-postage value transaction (such as, e.g., 
packages, expedited services, etc.) to detect copy fraud, since such transactions represent the 
largest fraud threat, and are the mostly likely demographic to embrace PC-Postage. We 
5 hasten to add that the present invention does not exclude envelope mail, and there are 
innovations presented for that arena as well. Nor does it exclude other package shipment 
services provided by other postal authorities, or by private shipping firms (such as, e.g., UPS, 
Airbome, or FedEx). 

Like the prior art envelope 102 shown in Fig. 1, the label 200 shown in Fig. 2 carries 

10 a self-validating unique postage indicium 204 that is presented in a two-dimensional barcode 
206 containing data relating to the mail piece on which the label 200 is applied, as well as 
human-readable information 208, return address 212, destination address 214, and POSTNET 
barcode 216. Noteworthy, is that Facing Identification Marks (FIM) are not located on the 
label 200, since the FIM is only a requirement for letter mail and has no value in the 

15 processing of packages. The label 200 fiirther includes a standard unique tracking ID 218 at 
its center. The tracking ID 218 is presented in an associated computer readable form (such 
as, e.g., a one-dimensional barcode 220), and as alpha-numerical data 222, in this case, the 
number "0180 5213 9070 221 1 5878." Up to this point, a typical USPS label, which can be 
used to provide tracking capability for mere administrative purposes, has been described. For 

20 example, in the USPS environs, one can obtain a delivery confirmation code for Priority 
Mail, an Express Mail tracking code for Express Mail, a Signature Confirmation code for 
Priority Mail, and a delivery confirmation code for media mail. Similar tracking ID*s are 
used by other carriers (such as, e.g., UPS, and FedEx), as well as other postal authorities 
worldwide. Tracking numbers may also be added to First Class mail in the fixture, and are 

25 used in such ancillary services at Certified Mail. 

The standard tracking ID's 218 currently used on these USPS labels, however, are not 
suitable for preventing postage fi-aud, since one can easily dupUcate the postage indicia, while 
using different tracking ID's 218 (perhaps on a separate label), effectively covering up the 
copy fi-aud. To facilitate in detecting fi-aud, the self-validating imique postage indicium 204 
30 has been modified to include a unique identifier. As will be described in fiirther detail below, 
the xmique identifier can be composed of, e.g., the same tracking ID 21 8 that is provided at 
the bottom right comer of the label 200. In this case, the unique identifier contaiued within 
the self-vaUdating unique postage indicium 204 can be used to validate the standard tracking 
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ID 21 8, and can thus be reUed upon to detect copy fraud in a stand-alone verification system. 
If a standard tracking ID 218 is not used on the label 200 (e.g., if the mail piece is being 
shipped via first class mail), the unique identifier can be composed of the piece count or 
ascending register in combination willi the postage vendor ID and user account number. In 

5 this case, detection of copy fraud can be ensured in a stand-alone verification system only if 
100% of the postage indicia are scanned. It is noted that a tracking ID provides miiqueness 
with a single string of numbers, whereas a postage vendor ID/user account/piece count (or 
ascending register) combination provides uniqueness with two strings of numbers. To this 
extent, the tracking ID, when available, is more advantageous to use, not only because it can 

10 detect copy fraud with respect to a single mail piece even if less than 100% of ttie postage 
indicia is scamied, but also because it can simply accomplish tins with a single unique string 
of characters. As will be described in further detail below, however, use of the postage 
vendor ID/user account/piece coimt (or ascending register) combination as the unique 
identifier can be advantageously used to detect postal fraud in a non-stand-alone verification 

1 5 system even if 100% of the mail pieces are not scanned. 

Refemng to Fig. 3, a postage system 300 provides a means for validating postage 
indicia in a stand-alone verification system using unique identifiers, and specifically, tracking 
ID'S. In this embodiment, in response to requests for tracking ID's from end users, the postal 
service directly issues tracking ID's to the end users in a manner similar to that currently used 

20 by the USPS today. Alternatively or optionally, the postal service indirectly tracking ID's to 
the end users via a postage vendor. In any event, the postage vendor generates and sends 
self-vaUdating imique postage indicia, which carry the issued tracking ID's, to the end users. 
The tracking numbers contained with the self-vaUdating unique postage indicia are then used 
by the postal service to verify the postage on the mail pieces generated by the end users. 

25 To this end, the postage system 300 generally comprises a centralized postage indicia 

generation system 302, which includes a multitude of centralized postage-issuing computer 
systems 305/306/307 (referred to as "central computer systems" in the figures), each of which 
communicates with a multitude of end user computers 308. The postage system 300 also 
generally comprises a postal service 304, which includes a master tracking computer system 

30 310 and a postage validation computer system 312. As will be described in further detail 
below, the different configurations of centralized postage-issuing computer systems 
305/306/307 represent different means for issuing the tracking ID's to the end user computers 
308. As illustrated, the centraUzed postage-issuing computer systems 305/306/307, end user 

27 



BNSDOCID: <WO ^03044620A2_L> 



wo 03/044620 PCT/US02/33024 

computers 308, master tracking computer system 310, and postage validation computer 
system 312 variously communicate with each other over commxmications links 314-322, each 
of which may represent, e.g. a LAN, Intemet, or telephone network). It should be noted that, 
in the illustrated embodiment, communications among the end user computers 308, 
5 centralized postage-issuing computer system 305/306/307, master tracking computer system 
310, and postage validation computer system 312 over the various links are generally secured 
by use of session encryption/decryption technology. The software and processes used to 
implement this technology is described in detail in U.S. Patent No. 6,005,945, which has 
previously been incorporated herein by reference. 

10 In the illustrated embodiment, each end user computer 308 is owned and operated by 

a client of a postal vendor, and is the principal device for preparing mail pieces by printing 
the tracking ID's and self- validating unique postage indicia on the mail pieces when received 
by the centralized postage-issuing computer system 305/306/307. Each centralized postage- 
issTiing computer system 305/306/307 is owned and operated by a postal vendor and is the 

15 pr oipal device that dispenses unique postage indicia to the end user computers 308 over 

communications Unks 3 14 in response to requests by the end user computers 308. As will be 
described in further detail below, the self-validating unique postage indicia contain identifiers 
that are unique within the postal service 304. Thus, at least for a significant period of time, 
e.g., one year, no two unique identifiers will be identical, thereby providiug a reUable means 

20 for detecting mail firaud. The unique identifiers can be composed of numbers, letters, or a 
combination. As previously discussed, however, these unique identifiers are preferably 
tracking ID's. 

The centralized postage-issuing computer systems 306 and 307 are also the principal 
devices lhat directly transmit tracking ID's to the end user computers 308 over 

25 commimications links 3 14 in response to requests by the end user computers 308. This 
configuration is used when the end user computers 308 do not directly obtain the tracking 
ID'S firom the master trackmg computer system 310. The centralized postage-issuing 
computer systems 306 and 307 differ firom each other in that the centraUzed postage-issuing 
computer system 306 merely acts as a vehicle for passing on tracking ZD's issued by the 

30 master tracking computer system 3 10 to the end user computers 308, whereas the centralized 
postage-issutQg computer system 307 actually issues tracking ID's fi-om a previously stored 
pool of unassigned tracking ID's, which are periodically downloaded fi-om the master 
tracking computer system 3 10. In contrast to the centralized postage-issuing computer 
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systems 306/307, the centralized postage-issuing compute system 305 does not take part in 
the tracking ID issuing process. In this case, it is the master tracking computer system 310, 
rather than the centralized postage-issuing computer system 305, that transmits tracking ID's 
to the end user computers 308 over communications links 322 in response to requests by the 
5 end user computers 308. 

In the illustrated embodiment, the master tracking computer system 310 is owned and 
operated by a postal authority (such as, e.g., the USPS), and is the principal device for 
allocating tracking ID's either directly to the end user computers 308 over communications 
links 322, or directly to the centralized postage-issuing computer systems 306 or 307 over 

10 commimications links 3 1 6, which then ultimately be transmitted to the end user computers 
308 over the communications links 314. In an alternative embodiment, the master tracking 
computer system 310 is operated outside of the postal service 304. Because the USPS 
cnrrently maintains such a master tracking service, however, it is preferable that the master 
tracking computer system 310 be contained within the postal service 304. The postage 

15 validation computer system 3 12 is owned and operated by the postal authority, and is the 
principal device for verifying the postage on mail pieces. Altiiough in the illustrated 
embodiment, the postage validation computer system 312 performs stand-alone verification, 
if additional validating information is needed, the postage validation computer system 312 
may optionally receive end user information firom the centralized postage-issuing computer 

20 system 305/306/307 over communications links 3 1 8, or postage information associated with 
the tracking ID's from the master tracking computer system 310 over communications links 
320. 

Turning now to Figs. 4-7 and 33, the structural details of the postage system 300 will 
now be described. With specific reference to Fig. 4, each end user computer 308 contains 

25 conventional computer hardware, including a user interface 402 with a keyboard 403, printer 
404, display 405, and optional scale 406 for weighing mail pieces, data processing circuitry 
408 (such as, e.g., a Central Processor Unit (CPU)) for executing programs, a 
communications interface 410 (such as, e.g., a modem, LAN connection, or Intemet 
connection) for handling communications with the centralized postage-issuing computer 

30 system 305/306/307 over the conamvmications liiik 3 14 or for handling communications with 
the master tracking computer system 310 over the communications link 322, and local 
memory 41 1 . The user interface 402 is configured to allow the end user to request unique 
tracking ID's and self-validating unique postage indicia and to enter postage information 
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associated with the unique tracking ID and postage indicium requests, as well as to print the 
unique tracking ID's and self-validating unique postage indicia on mail pieces. The local 
memory 41 1, which will typically include both random access memory and non-volatile disk 
storage, stores a set of mail handling procedures that are embodied ia^ various software 
5 modules 412, and an end user database 414 that contains information needed by mail 
handling modules 412, including local account balance information, transaction records 
representing all recent postage purchase transaction by the end user computer 308, and 
session encryption keys. Althou]^ the local memory 41 1 is depicted in Fig, 4 as a single 
memory device, it should be understood that it can be implemented in a multitude of memory 
10 devices as well. 

The mail handling modules 412 include a tracking ID request module 414, postage 
indicia request module 416, communications module 418, tracking ID printing module 420, 
and postage indicia printing module 422. The tracking ID request module 414 is configured 
for generating a request for a unique tracking ID. In tibie illustrated embodiment, this request 

15 takes the form of a query stream (e.g., in Extensible Markup Language (XML) format), and 
contains postage information to be associated with the unique tracking ID, (such as, e.g., an 
Application Program Interface (API) user account ID and password, destination address for 
the mail piece, sender's complete address, weight of the mail piece, service class, and the 
amount of postage). The postage indicia request module 416 is configured for generating a 

20 request for a self-validating unique postage indicium. Li the illustrated embodiment, this 
request takes the form of a query stream (e.g., in XML format), and contains information 
specific to the immediate postage dispensing transaction (such as, e.g., the user's meter or 
account ID, the user accoimt password, postage requested, service class, optional data 
advance, and ZIP+4H-2 of the dehvery address). If used in conjunction with the tracking ID 

25 request module 414, the request generated by the postage indicia request module 416 will 
also contain the unique tracking ID when received from the centralized postage-issuing 
computer system 305/306/307. 

The communications module 418 is configured for handluig communications with the 
centralized postage-issuing computer system 305/306/307 over the communications link 3 14 
30 (such as, e.g., transmitting tracking ED requests and postage indicium requests and receiving 
tracking ID's and self-validating unique postage indicia in response thereto). The 
communications module 418 is also configured for handling commimications with the master 
tracking computer system 310 over the communications link 322 (such as, e.g., transmitting 
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tracking ID requests and receiving tracking ID'S in response thereto). It should be noted that 
the USPS currently provides a tracking ID service called "Webtools Shipping API " which 
allows end user computer 308 to obtain unique tracking ID's directly from its server. The 
tracking ID printing module 420 is configured for printing the one-dimensional barcode 220 
5 corresponding to the tracking ID received from the centraUzed postage-issuing computer 
system 306/307 on the label 200. The postage indicia printing module 422 is config;ured for 
printing on the label 200 the two-dimensional barcode 206 corresponding to the self- 
validating unique postage indicium received from the centralized postage-issuing computer 
system 305/306/307. 

10 Referring specifically to Fig. 33, the centraUzed postage-issuing computer system 305 

comprises data processing circuitry 421 (such as, e.g., a Central Processor Unit (CPU)) for 
executing programs, a conmaunications interface 423 (such as, e.g., a bank of modems, a 
LAN connection, or Intemet connection) for handling communication with the end user 
computer 308 and postal service 304, and a local memory 424. The local memory 424, 

1 5 which will typically include both random access memory and non-volatile disk storage, stores 
a set of postage dispensing procedures that are embodied in various software modules 426, 
The local memory 424 also stores a customer database 428 of information about each of the 
user accounts received by the centralized postage-issuing computer system 306, a postage 
database 430 of records concerning each self-validating unique postage indicium g^erated 

20 by the centralized postage-issuing computer system 306, and a finance database 432 of 
records concerning each postage credit transaction in which funds are added to a user 
account. 

For example, the customer database 428 may contain the following information: 
meter/license number, account status (active, hold, canceled, etc.), account name, account 

25 password (typically encrypted), user*s name, iiser's company, user's street address, user's 
city, user's state, user's postal code, descending balance, ascending balance, current piece 
count (last serial number used), origin/finance ZIPS (for US Market), origin/finance city, 
origm/finance state, date initially placed in service, date of last transaction, maximum postage 
allowable per self-validating imique postage indicium, minimum allowable balance, 

30 minimum re-credit amount, maximum re-credit amount, user's cryptographic private signing 
key (typically itself encrypted), credit card or ACH account numbers (typically encrypted), 
and account comments. The postage database 430 may contain the following information: 
date/time of transaction, piece number (serial niunber), weight, mail class, amount, 
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destination address information, or public key reference number (indicating which key was 
used by the centralized postage-issuing computer system 306 to digitally sign the unique 
postage indicium for this postage dispensing event). The finance database 432 may contain 
the following information: date/time postage dispensed, amount of transaction, type of funds 
5 transfer (e.g., credit card, check, etc.), and identifying ID (e.g., credit card number, check 
number). Although the local memory 424 is depicted in Fig, 5 as a single memory device, it 
should be understood that it can be implemented in a multitude of memory devices. 

The postage dispensing modules 426 include a communications module 434, database 
management module 436, tracking ID request module 438, postage indiciirai request 

10 validation module 440, and postage indiciimi generation module 442. The communications 
module 434 is configured for handUng communications with the end user computers 308 over 
the commumcations Unks 314 (such as, e.g., receiving tracking ID requests and postage 
indicium requests and transmitting tracking ID's and unique postage indicia). The database 
management module 436 is configured for storing and retrieving pertinent information in and 

15 fi-om the customer database 428, postage database 430, and finance database 432 with the 

pertinent information. The postage indicium request validation module 440 is configured for 
validating postage indicium requests received firom the end user computer 308 by, e.g., 
validating the meter or account ID and accoimt password in the postage indicium request ia 
relation to the same information contained in the customer database 428. The postage 

20 indicium generation module 442, along with a corresponding private key 444, is configured 
for generating the self-vaUdating unique postage indicium in response to each postage 
indicium request received firom the end user computer 308. 

In generating the self-validating unique postage indicium, the postage indicium 
generation module 442 comprises (1) a postage indicium generation submodule 446 for 
25 generating a unique postage indiciimi containing the tracking ID and/or postage vendor 

ID/user account/piece count; (2) a digital signature generation submodule 448 for deriving a 
digital signature firom the unique postage indicium using the private key 444; and (3) an 
association submodule 450 for associating the digital signature with the unique postage 
indicium to generate the self-validating unique postage indicium. 

30 It should be noted that certain cryptographically important operations are optionally 

performed in a specialized cryptographic coprocessor such as the FIPS-140/Level 4 IBM 458 
co-processor. For instance, in the preferred embodiment, the private signing key appears in 
an unencrypted, operational form only within the confines of the co-processor. Similarly, the 
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decryption of the postage indicium request and the subsequent authentication of said request 
is also handled inside the cryptographic co-processor. While these functions can be 
performed in a generalized computer operating system environment, the addition of the 
cryptographic coprocessor to the overall schema provides for an ultra-secure environment 
5 that is resistant to both outsider and insider attacks. 

In the illustrated embodiment, the self-validating unique postage indicium contains 
the same information as the postage indicium set forth in Table 1, with the exception that the 
destination zip code has been replaced with the tracking ID (if the postage indicium request 
contains a tracking ID) and the account-specific piece count has been moved into the portion 
10 of the postage indicium that is digitally signed, as set forth in Table 2. 



Table 2: Improved Unique Indicium Contents 



Item Number 


Field Name 


Size (Bytes) 


1 


Indicia Version Number 


1 


2 


Algorithm ID 


1 


3 


Certificate Serial Number 


4 


4 


Device ID 


8 


5 


Ascending Register 


5 


6 


Postage 


3 


7 


Date 


4 


8 


License ZIP 


4 


9 


Tracking Number 


5 


10 


Software ID 


6 


11 


Descending Register 


4 


12 


Rate Category 


4 


13 


Piece Count 


4 


14 


Signature 


40 



The "Indicia Version Number" identifies the version number assigned by the USPS to 
1 5 the indicia data set. The "Algorithm ID" identifies the digital signature algorithm used to 
create the digital signature on the postage indicium. The "Certificate Serial Number" 
identifies the unique serial number of the certificate issued by the EBIP Certificate Authority. 
The "Device ID" identifies the USPS-assigned ID for each postage vendor, and the user 
account for which the postage indicium will be issued. The "Ascending Register" identifies 
20 the total monetary value of all postage indicia ever produced for the user account. The 

*Tostage" identifies the amount that will be applied to the mail piece. The "Date" identifies 
the date of mailing for a mail piece on which the postage indicium will be appUed. The 
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"License ZIP" identifies the 5-digit zip code for the Ucensing post office. The "Tracking 
Number" identifies the unique tracking ID issued by the USPS for that particular mail piece. 
The "Piece Count" identifies the serial nximber for the mail piece produced for that user 
accoxmt. The "Software ID" identifies the end user computer software ID number. The 
5 "Descending Register" identifies the postage value remaining in the user account The "Rate 
Category" identifies the postage class, including any presort discount level, and rate. The 
"Signature" is the digital signature of items 1-13. It should be noted, however, that the digital 
signature can be derived firom any combination of the items, provided that the unique 
tracking number is included in the digital signing process. 

10 The overall advantage of this approach is that it inserts at least one unique identifier in 

the digitally signed portion of the postage indicium. Not only does this allow detection of 
copy firaud, but the use of a tracking ID, which is scaimed 100% of the time, leads to other 
security advantages. And this approach meets the current USPS desire to vahdate mail pieces 
in a stand-alone environment. The scan will validate the digital signature on the postage 

15 indicium and present the tracking ID instead of the destination zip code in the case of tracked 
packages. There are other reasons for replacing the destination zip code in the digitally 
signed contents of the postage indicium. Not only is flie destination zip code not unique, in 
many cases it does not exist. For instance, mail pieces sent firom the United States to foreign 
countries do not contain a destination zip code in the postage indicium. Also, there is a class 

20 of IBIP-related technologies, such as postage strip printers and IBIP "sheet stamps," that do 
not include a destination zip code in the postage indicium. Since both venues print the 
address in a separate and distinct operation from the postage indicium printing, the USPS has 
permitted the destination zip code field in the postage indicium to be set to zeroes. This 
opens the door for copy fraud. 

25 Optionally, the destination zip code may be appended to the 'Vendor portion" of the 

postage indicium, which is an area of the postage indicium that is not scanned by the USPS 
and not digitally signed. 

Referring specifically to Fig. 5, the centralized postage-issuing computer system 306 
differs firom the centralized postage-issuing computer system 305 in that it provides means 
30 through which the master tracking computer system 310 issue tracking ID's to the end user 
computers 308. To the extent that the components of centralized postage-issuing computer 
systems 305 and 306 are similar, identical reference numbers have been used. In addition to 
the components contained in the centralized postage-issuing computer system 305, the 
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centralized postage-issuing computer system 306 comprises postage dispensing modules 427, 
which additionally include a tracking ID request module 438 and a communications module 
435. The tracking ID request module 438 is conjagured for generating and transmitting 
requests for ujiique tracking ID's to the master tracking computer system 3 10 in response to 
5 receiving requests for imique tracking ID's from the end user computers 308. These requests 
take the form of query streams and contain the same information as in the tracking ID 
requests generated by the tracking ID request module 414 in each of the end user computers 
308. The communications module 435 is configured for handling communications witii the 
end user computers 308 over the conununications links 314 (such as, e.g., receiving tracking 
10 ID requests and postage indicium requests and transmitthig tracking ID's and unique postage 
indicia). The communications module 435 is further configured for handling 
conmiunications with the master tracking computer system 310 over the communications link 
316 (such as, e.g., transmitting tracking ID requests and receiving tracking ID*s). 

Referring specifically to Fig. 6, the centraUzed postage-issuing computer system 307 

15 differs fi-om the centralized postage-issuing computer system 306 in that rather than 

requesting and receiving tracking ID's fi-om the master tracking computer system 310 as 
tracking ID requests are received from the end user computers 308, the centralized postage- 
issuing computer system 307 stores a pool of unassigned tracking ID's previously received 
from the master tracking computer system 310 and allocates tracking ID's from this pool as 

20 tracking ID requests are received from the end user computers 308. To the extent that the 
components of centralized postage-issuing computer systems 306 and 307 are similar, 
identical reference numbers have been used. 

In addition to the previously described components, the centraUzed postage-issuing 
computer system 307 comprises a local memory 452, which in addition to the previously 

25 described databases, stores a tracking ID database 454 of pre-stored unassigned tracking ID's 
received by the master tracking computer system 310, and a tracking information database 
456 for storing each tracking ID that has been issued to an end user computer 308 and the 
postage information associated with each tracking ID, i.e., the information contained hi the 
tracking ID request. The centralized postage-issuing computer system 307 fiirther comprises 

30 a set of postage dispensing modules 458, which in addition to the previously described 
modules, includes a tracking ID allocation module 460 in place of the tracking ID request 
module 438, and a database management module 462 in place of the database management 
module 436. The tracking ID allocation module 460 is configured for allocating unique 

35 

BNSDOCiD: <WO____03044e20A2J_> 



wo 03/044620 PCT/US02/33024 

tracking ID's from the tracking ID database 454 to the end user computers 308 in response to 
receiving tracking ID requests from the end user computers 308. In addition to performing 
the afore-described functions, tiie database management module 462 is further configured for 
storing pools of unassigned tracking ID's within the tracking ID database 454 as they are 
5 periodically received by the master tracking computer system 3 10, and for periodically 

retrieving postage information from the tracking information database 456 for transmission to 
the master tracking computer system 310. 

Referring specifically to Fig. 7, the master tracking computer system 310 comprises 
data processing circuitry 464 (such as, e.g., a Central Processor Unit (CPU)) for executing 
1 0 programs, a local memory 468, and a communications interface 466 (such as, e.g., a bank of 
modems , a LAN connection, or Internet connection) for handling communication with the 
centralized postage-issuing computer systems 306/307 over communications links 316 or 
with the end user computers 308 over communications links 322. If the master tracking 
computer system 310 and the postage validation computer system 312 are not embodied in 
15 the same computer, the communications interface 466 may also handle communication with 
the postage vaUdation computer system 312. The local memory 468, which will typically 
include both random access memory and non-volatile disk storage, stores tracking ID 
maintenance procedures that are embodied in various software modules 470. The local 
memory 468 also stores a tracking information database 472 for storing each tracking ID that 
20 has been issued to an end user computer 308 and the postage information associated with 
each tracking ID, i.e., the information contained in the tracking ID request. Although the 
local memory 468 is depicted in Fig. 6 as a single memory device, it should be understood 
that it can be implemented in a multitude of memory devices. 

The tracking ID maintenance modules 470 include a communications module 474, 
25 tracking ID allocation module 476, and database management module 478. The 

communications module 474 is configured for handling communications with the centralized 
postage-issuing computer systems 306/307 over fee coromunications links 316, or with end 
user computers 308 over the communications links 322 (such as, e.g., receiving single 
tracking ID requests and transmittrug tracking ID's to and from the centralized postage- 
30 issuing computer systems 306 or end user computers 308, as well as transmitting pools of 
imassigned tracking ID's and receiving assigned tracking ID's and associated postage 
information to and from the centralized postage-issuing computer systems 307). The 
communications module 474 is also configured for handling communications with the 
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postage validation computer system 312 over the communications link 318 (such as, e.g., 
receiving requests for assigned tracking ID's, associated postage information, and current 
delivery status, and transmitting the assigned tracking ID's, associated postage information, 
and current delivery status). The tracking ID allocation module 476 is configured for 
5 generating unique tracking ID's in response to receiving tracking ID requests firom the 

centralized postage-issuing computer systems 306, or optionally firom the end user computers 
308, The database management module 478 is configured for storing and retrieving assigned 
tracking ID's and associated postage information to and firom the tracking information 
database 472. Although the local memory 468 is depicted in Fig. 7 as a single memory 
10 device, it should be understood that it can be implemented in a multitude of memory devices. 

Referring specifically to Fig. 8, the postage validation computer system 312 
comprises data processing circuitry 480 (such as, e.g., a Central Processor Unit (CPU)) for 
executing programs, a communications interface 482 (such as, e.g., a bank of modems, a 
LAN connection, or Internet connection) for handling commimication with the centralized 

15 postage-issuing computer system 305/306/307, postage scaiming stations 484, and a local 
memory 486. If the master trackmg computer system 310 and the postage validation 
computer system 312 are not embodied in the same computer, the commxmications interface 
482 may also handle communication with the master tracking computer system 310. The 
postage scaiming stations 484 mclude the software and hardware (including a barcode reader) 

20 necessary for reading the barcode information applied on each mail piece and displaying it in 
a human-readable format for postal verifiers. The local memory 486, which will typically 
include both random access memory and non-volatile disk storage, stores a set of postage 
validation procedures that are embodied in various software modules 488. The local memory 
also stores a meter information database 490 of information about each licensed postage 

25 meter, i.e., each end user computer 308, and a transaction database 491 for storing records 
concerning every mail piece validated or rejected by the postage validation computer system 
312, including the unique identifier(s) contained in the postage iadicium, e.g., the tracking ID 
and postage vendor ID/user account/piece count (or ascending register). 

The postage validation modules 488 include a communications module 492, database 
30 management module 493, a postage indicia validation module 494, and unique identifier 
comparison module 495. The communications module 492 is configured for handling 
communications with the centraUzed postage-issuing computer systems 305/306/307 over the 
communications links 318 (such as, e.g., receiving updated end user computer information 
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and public key infoxmation). The communications module 492 is also configured for 
handling communications with the master trackmg computer system 310 over the 
commimications link 320 (such as, e.g., transmitting requests for tracking ID associated 
postage information and receiving the tracking ID associated postage mformation). The 
5 database management module 493 is configured for storing and retrieving pertinent 

information to and fi-om the meter information database 490 and transaction database 491 . 

The postage indicia validation module 494 is configured for validating the postage 

indicia, and includes a pubhc key association submodule 496 for selecting a pubhc key fi:om 

the set of public keys 497, as dictated by the certificate serial number (item #3 in Table 2) in 
10 the self-validating unique postage indicium, and a digital signature verification submodule 

498, along with a selected public key, configured for verifying the digital signature in the 

self-validating xmique postage indicium. 

The unique identifier comparison module 495 is configured for comparing the 

digitally authenticated unique identifier contained in the postage indicium to all of the unique 
15 id tifiers previously stored in the transaction database 491 to detect copy firaud. That is, a 

mdtch means that the unique identifier has been previously used, which is an indication of 

copy fi:aud. 

Referring specifically to Fig. 9, and with general reference to Figs. 3-5 and 7, a 
procedure for indirectly issuing a tracking ID from the master tracking computer system 310 

20 to the end user computer 308 via the centraUzed postage-issuing computer system 306 and 
applying it to the label 200 will now be described. At steps 500-504, the end user computer 
308 generates and transmits a request for a unique tracking ID to the centralized postage- 
issuing computer system 306, In particular, the end user operates the user interface 402 of 
the end user computer 308 to request a unique tracking ID and enter postage information to 

25 be associated with the unique tracking ID (step 500). As previously discussed, this postage 
information may contain the API user account ID and password, complete destination address 
for the mail piece, sender's complete address, weight of the mail piece, service class, and the 
amount of postage. The tracking ID request module 414 then generates a tracking ID request 
with the associated postage information (step 502). The communications interface 410 then, 

30 under control of the communications module 418, transmits the tracking ID request over the 
communications link 314 (step 504). 
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At Steps 506-510, the centralized postage-issuing computer system 306 receives the 
tracking ID request from flae end user computer 308, and generates an identical tracking ID 
request, and transmits the tracking ID request to the master tracking computer system 310. In 
particular, the communications interface 423, under control of the communications module 

5 434, receives the tracking ID request over the commmiications link 314 (step 506). The 
tracking ID request module 438 then generates a tracking ID request with the associated 
postage information, which is identical to the tracking ID request received from the end user 
computer 308 (step 508). Optionally, the database management module 436 stores the 
tracking information within a database, such as, e.g., a tracking information database (not 

10 shown). The communications interface 423 then, imder control of the communications 

module 434, transmits tiie tracking ID request over the commvmications link 316 (step 510). 

At steps 512-518, the master trackmg computer system 310 receives the tracking ID 
request from the centralized postage-issuing computer system 306, allocates a unique 
tracking ID to the end user computer 308, records the vmique tracking ID, along with the 

1 5 associated postage information, and transmits the unique tracking ID to the centralized 

postage-issuing computer system 306. In particular, the communications interface 466, under 
contix)l of the communications module 474, receives the tracking ID request over the 
communications link 316 (step 512). The tracking ID allocation module 476 then allocates a 
unique tiracking ID to the end user computer 308, which typically will be the next tracking ID 

20 in a series of tracking ID's (step 514). The database management module 478 then stores the 
unique tracking ID, as well as the associated postage information contained within the 
tracking ID request received from the cenfralized postage-issuing computer system 306, 
within the tracking information database 472 (step 516). The conmiunications interface 466 
tiien, xmder control of the commmiications module 474, transmits the unique tracking ID over 

25 the communications link 316 (step 518). 

At stq)s 520 and 522, the centralized postage-issuing computear system 306 receives 
the unique tracking ID from the master tracking computer system 310 and fransmits the 
unique trackmg ID to the end user computer 308. In particular, the conununications interface 
423, under control of the communications module 434, receives the unique tracking ID over 

30 the communications link 316 (step 520). The conmiunications interface 423 then, under 
control of the conmiunications module 434, transmits the tracking ID over the 
communications link 314 (step 522). 
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At steps 524 and 526, the end xiser computer 308 receives the tracking ID from the 
centraUzed postage-issuing computer system 306 and prints the tracking ID on the label 200. 
In particular, the communications interface 410, under control of the communications module 
418, receives the unique tracking ID over the communications Unk 314 (step 524). The 
5 tracking ID printing module 420 then prints on the label 200 the standard tracking ID 21 8 as 
the one-dimensional barcode 220 (step 526). 

Referring specifically to Fig. 10, and with general reference to Figs, 3-4 and 6-7, a 
procedure for issuing a tracking ID from the centralized postage-issuing computer system 307 
to the end user computer 308 and applying it to the label 200 will now be described. At steps 
10 528-532, the end user computer 308 generates and transmits a request for a imique tracking 
ID to the centralized postage-issuing computer system 307. Steps 528-532 are similar to 
steps 500-504 described with respect to Fig. 9 and will thus not be described in detail here. 

At steps 534-540, the centralized postage-issuing computer system 307 receives the 
tracking ID request from the end user computer 308, allocates a unique tracking ID to the end 

15 user computer 308, records the unique tracking ID, along with the associated postage 
information, and transmits the unique tracking ID to the end user computer 308. In 
particular, the communications interface 423, under control of the communications module • 
434, receives the tracking ID request over the commimications link 314 (step 534). The 
tracking ED allocation module 460 then allocates a unique tracking ID to the end user 

20 computer 308, which typically will be the next tracking ID in a series of tracking ID's stored 
in the tracking ID database 454 (step 536). The database management module 462 then 
stores within the tracking information database 456 the unique tracking ID, as well as the 
associated postage information contained within the tracking ID request received from the 
end user computer 308 (step 538). The communications interface 423 then, under control of 

25 the communications module 434, transmits the tracking ID over the communications link 314 
(step 540). 

At steps 542 and 544, the end user computer 308 receives the tracking ID from the 
centralized postage-issuing computer system 306 and prints the tracking ID on the label 200. 
Steps 542 and 544 are similar to steps 526 and 528 described with respect to Fig. 9 and will 
30 thus not be described in detail here. Periodically, such as, e.g., once a day, a pool of 

unassigned unique tracking ID's will be downloaded into the centralized postage-issuing 
computer system 307 from the master tracking computer system 310, and assigned tracking 
ID*s and the associated postage information will be uploaded from the c^tralized postage- 
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issuing computer system 307 to the master tracking computer system 310. Alternatively, 
rather than sending tracking information in batch mode, the trackmg information can be 
transmitted to the master tracking computer system 310 in real-time, i.e., as the tracking ID's 
are assigned to the end user computers 308. 

5 The procedure for performing these downloading and uploading functions are now 

described with respect to Fig. 1 1. At steps 546-552, the centralized postage-issuing computer 
system 307 retrieves all of the accumulated assigned tracking ID's and associated postage 
information and transmits it to the master tracking computer system 310, and then the master 
tracking computer system 310 receives the tracking infonnation from the centralized postage- 

10 issuing computer system 307 and records it. In particular, the database management module 
462 retrieves the assigned tracking ID's and associated postage infonnation from the tracking 
information database 456 (step 546). The communications interface 423 then, under control 
of the communications module 434, transmits the retrieved tracking information over the 
communications link 316 (step 548). The communications interface 466, under control of the 

1 5 communications module 474, receives the tracking information over the communications Unk 
316 (step 550). The database managemMit module 478 then stores the tracking infonnation 
in the tracking information database 472 (step 552). 

At steps 554-560, die master tracking computer system 310 generates a pool of 
unassigned tracking ID's and transmits it to the centralized postage-issuing computer system 

20 307, and the centralized postage-issuing computer system 307 receives the pool of 

imassigned unique tracking ID's from the master tracking computer system 310 and records 
it. In particular, the database management module 478 generates a pool of unassigned unique 
tracking ID's (step 554). The communications interface 466 then, under control of the 
communications module 474, transmits the pool of unassigned tracking ID's over the 

25 communications link 316 {sbesp 556). The communications interface 423, under control of the 
communications module 434, receives the tracking information over the communications link 
316 (step 558). The database management module 462 then stores the pool of unassigned 
unique trackmg ID's in the tracking ID database 454 (step 560). 

Referring specifically to Fig. 12, and with general reference to Figs. 3-5 and 7-8, a 
30 procedure for directly issuing a tracking ID from the master tracking computer system 3 10 to 
the end user computer 308 and applying it to the label 200 will now be described. At steps 
562-566, the end user computer 308 generates and transmits a request for a unique tracking 
ID to the mast^ tracking computer system 310. Steps 562 and 564 are similar to steps 500 
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and 502 described with respect to Fig. 9 and will thus not be described in detail here. After 
steps 562 and 564, the communications interface 410, under control of the communications 
module 418, transmits the tracking ID request over the conMnunications liiik 322 (step 566). 

At steps 568-572, the master tracking computer system 310 receives the tracking ID 
5 request firom the end user computer 308, allocates a unique tracking ID to the end iiser 

computer 308, records the unique tracking ID, along with the associated postage information, 
and transmits the imique tracking ID to end user computer 308, In particular, the 
communications interface 466, under control of the communications module 474, receives 
the tracking ID request over the communications link 322 (step 568). The tracking ID 

10 allocation module 476 then allocates a unique tracking ID to the end user computer 308, 
which typically will be the next tracking ID in a series of tracking BD's (step 570). The 
database management module 478 then stores within the tracking information database 472 
the unique tracking ID, as well as the associated postage information contained within the 
tracking ID request received from tiie end user computer 308 (step 572). The 

15 communications interface 466 then, under control of the commiinications module 474, 
transmits the unique tracking ID over the communications liiik 322 (step 574). 

At steps 576 and 578, the end user computer 308 receives the tracking ID from the 
master tracking computer system 310 and prints the tracking ID on the label 200. In 
particular, the communications interface 410, under control of the conrtnunications module 
20 418, receives the unique tracking ID over the communications link 322 (step 576). The 

tracking ID printing module 420 then prints on the label 200 the standard tracking ID 21 8 as 
the one-dimensional barcode 220 (step 578). 

Referring specifically to Fig. 13, and with general reference to Figs. 3-6, the 
procedure for dispensing and applying a self-validating unique postage indicium to the label 

25 200 will now be described. At steps 600-604, the end user computer 308 generates and 
transmits a unique postage indiciimi request to the centralized postage-issuing computer 
system 305/306/307. In particular, the end user operates the user interface 402 of the end 
user computer 308 to request a unique postage indicium and enter postage information to be 
associated with the unique postage indicium (step 600). As previously discussed, this 

30 postage information may contain the user's meter or account ID, the user account password, 
postage requested, service class, optional data advance, and ZIP+4+2 of the deUvery address. 
If the end user computer 308 has previously obtained a tracking ID directly from tiie master 
tracking computer system 310 by the process described in Fig. 12, the postage information 
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will also contain the tracking ID. In any event, the postage indicia request module 416 then 
generates a postage indicium request with the associated postage information (step 602). The 
communications interface 410 then, under control of the communications module 418, 
transmits the postage indicium request over the communications link 314 (step 604). 

5 At steps 606-61 8, the centralized postage-issuing computer system 305/306/307 

receives the postage indicium request ftom the end user computer 308, validates it, records 
the postage information contained in the postage indicium request, as well as any other 
transaction specific pertinent information, generates a self-validating unique postage 
indicium, and transmits the self-validating unique postage indicium to the end user computer 

10 308. M particular, the communications interface 423, under control of the communications 
module 434, receives the postage indicium request over the communications link 314 (step 
606). The postage indicium request validation module 440 then validates the postage 
indicium request by validating the user account ID and account password (step 608). If the 
user account ID or password does not correspond to an active user account, an error message 

IS is generated. 

The database management module 436 then updates the customer database 428 and 
postage database 430 with the pertinent transaction specific information (step 610). If 
available, flie database management module 436 will store the tracking ID in the postage 
database 430. The postage indicium generation module 442 tiien generates the self-validating 

20 unique postage indicium (steps 612-616). Specifically, the postage indicium generation 

submodule 446 generates a unique postage indicium containing the items set forth in Table 2, 
including the unique identifier(s) (such as, e.g., the postage vendor ID/user account number 
in combination with the piece count or descending register number, and unique tracking ID 
(if available) contained within the postage indicium request) (step 612). At this point, the 

25 unique postage indicium is not self-validating. The digital signature generation submodule 
448 then derives a digital signature fi-om the unique postage indicium by applying the private 
key 444 thereto (step 614). The association submodule 450 then generates the self-validating 
unique postage indicium by associating the digital signature with the unique postage indicium 
(st^ 616). The communications interface 423 then, under control of the communications 

30 module 434, transmits the self-validating unique postage indicium over the communications 
link 314 (step 618). 

At steps 620 and 622, the end user computer 308 receives the self-validating unique 
postage indicium firom the centralized postage-issuing computer system 305/306/307 and 
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prints it on the label 200. In particular, the communications interface 410, under control of 
the communications module 418, receives the self-vaUdating unique postage indicium over 
the communications link 314 (step 620). The postage indicia printing module 420 then prints 
on the label 200 the two-dimensional barcode 206 corresponding to the self-validating unique 
5 postage indicium (step 622). The label 200 can then be ^pUed to the appropriate mail piece. 

It should be noted that although tiie trackmg ID acquisition and printing processes 
described with respect to Fig. 9-12, and the postage indicium acquisition and printing process 
described with respect to Fig. 13, have been described as distinct functions, these processes 
are preferably perfomied as a single process as experienced by the end user. For example, 

10 the tracking ID and postage indicium requests will be separately generated and transmitted 
from the end user computer 308, but will be prompted by the single click of a mouse on, e.g., 
a "print button." Upon the acquisition of both the tracking ID and postage indicium, the 
barcodes wiU be printed on the label 200 as a single step. If either or both of the tracking ID 
and postage indicium are not returned successfully, nothing is printed on the label 200. For 

15 example, if the postage indicium request fails for any reason, the entire process is aborted 
even through a tracking ID has been issued, in which case, it will be "orphaned." 

Referring to specifically Fig. 14, Mid with general reference to Figs. 4-7, the 
procedures for validating the postage on a mail piece using a stand-alone procedure will now 
be described. It should be noted that the order of the vaUdation steps in the procedure is 

20 completely variable and will hkely vary from implementation to implementation. At step 
700, the postal verifier operates a postage scanning station 484 within the postage vaUdation 
computer system 3 12 to read the self-validating postage indicium (i.e., the two-dimensional 
barcode 206) on the mail piece and display its conteoits to the verifier. At step 702, the 
verifier then manually compares the contents of the two-dimensional barcode 206 to the 

25 human-readable information (e.g., mailing date, postage amount, origin of mail piece, and 
destination of mail piece). If the barcode information does not match the human-readable 
information, this is an indication of hkely firaudulent use of a postage indicium and is treated 
as such. Further details on this comparison process are disclosed in U.S. Patent No. 
6,005,945, which has previously been incorporated herein by reference. 

30 At steps 704-706, the postal verifier validates the postage indicium itself by operating 

the postage indicia vaUdation module 494. In particular, the pubUc key association 
submodule 496 obtains from the set of pubUc keys 497 Ihe pubUc key corresponding to the 
Certificate Serial Number (item #3 in Table 2) within the postage indicium (step 704). The 
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digital signature verification submodule 498 then verifies the digital signature of the postage 
indicium (step 706) to determine if they are consistent. If the signature verification process 
returns a Boolean true, this indicates that the postage indicium was in fact generated by a 
secure central computer 305/306/307 for a mail piece of the same approximate weight, origin 
5 and destination as the mail piece being processed. 

This will not, however, detect copy fraud. Thus, at.step 708, tiie unique identifier 
comparison module 495 compares the unique identifier(s) of the mail piece (i.e., the unique 
tracking ID (if available), and the postage vendor ID/user account/piece count (or ascending 
register)) with the set of unique identifiers previously stored in the transaction database 491. 
10 If the unique identifier of the current mail piece matches at least one of the unique identifiers 
stored in the transaction database 491, copy fraud is assumed, or at least suspected. If the 
unique identifier of the current mail piece does not match at least one of the unique identifiers 
stored in the transaction database 491, copy fraud is not assumed, although copy fraud may 
be detected if a fraudulent duplicate of the postage indicium is subsequently processed. 
15 It is worth noted that copy fraud detection usmg this process works with respect to 

any mail piece of any nature only if the unique identifiers contained in the postage indicia of 
aU mail pieces are scanned and entered into the transaction database 491. Alternatively, copy 
fraud detection using this process works with respect to any mail piece that carries a tracking 
ID if the tracking ID's contained in the postage indicia of all of these types of mail pieces are 
20 scanned and entered into the transaction database 491. Currently, however, the USPS only 
spot checks the postage indicia, and thus copy fraud may be currently difficult to detect usmg 
copy fraud— at least until the USPS scans 100% of the postage indicia. For example, if the 
postage indicia is checked only 10% of time, statistically, copy fraud will only be detected 
1% of die time. 

25 Alternatively, wheal spot checking is the norm, detection of copy fraud m maU pieces 

diat carry unique tracking ID's can be maximized by comparing the unique trackmg ID 
contained in the postage indicium with fixe standard tracking ID printed on the mail piece 
(step 710). Thus, if the unique tracking ID contained in the postage indicium does not match 
the tracking ID contained elsewhere on the mail piece, copy fraud is suspected. It is noted 

30 that the one-dimensional barcode 220 associated with the tracking ID is scanned 1 00% of the 
time in the normal course of the USPS tracking business, and thus, a copyist will not attempt 
to dupUcate one-dimensional barcodes 220 along with the unique postage indicia, but will 
rather only attempt to duplicate the unique postage indicia hoping that the tracking ID's 
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contained therein wiU not be compared with the tracking ID's associated with the one- 
dimensional barcodes 220. Thus, if the postage indicia is checked 10% of the time, copy 
fraud will be detected 10% of the time-a significant improvement. 

It should be noted that additional transaction mfoimation can be obtained from the 

5 centraUzed postage-issuing computer system 305/306/307 or master tracking computer 

system 310 over the communications links 318 and320. This process will not be described 
in further detail. After the postage has been validated or rejected, the database management 
module 493 stores the postage information, including the unique identifier(s) contained 
within the postage indicium within the transaction database 491, along with the results of the 

10 vaUdation process (step 712). If vaUd, the mail piece is then submitted for normal deHvery 
processing (step 714). 

With reference to Fig. 15, a postage system 350 comprises a centralized postage 
indicia generation system 352, which mcludes a multitude of centralized postage-issuing 
computer systems 356, each of which includes a multitude of end user computers 358. The 

15 postage system 350 also generally comprises a postal service 354, which includes an optional 
master tracking computer system 360 and a postage vaUdation computer system 362. The 
centralized postage-issuing computer system 356, end user computer 358, master tracking 
computer system 360, and postage validation computer system 362 communicate with each 
other over communications hnks 364-370 (such as, e.g., LAN, Internet, or telephone 

20 network). 

These components are generally sinular to the same-named components of the 
postage system 300, but differ somewhat in that it provides a means for validating postage 
indicia in a non-stand-alone verification system using indexing identifiers. In this 
embodiment, in response to requests for postage from end user computers 358, each 

25 centraUzed postage-issuing computer system 356 generates postage indicia, and rather than 
transmittmg it to the end user computers 358, indexes and stores tiie postage indicia. The 
postage indicia are indexed using indexing identifiers, which are transmitted to the end user 
computers 358 for printing on the mail pieces. In the illustrated embodiment, the indexing 
identifiers are unique within the postage service 354. Thus, at least for a significant period of 

30 time, e.g., one year, no two unique indexing identifiers will be identical, thereby providing a 
reliable means for detecting mail fiaud. The unique indexing identifiers can be composed of 
numbers, letters, or a combination thereof, and can be composed of backing ID's postage 
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vendor ID/user account/piece count (or ascending register) combinations, similar to the 
unique identifiers described with respect to the postage system 300. 

These printed indexing identifiers can then be subsequently used by the postage 
service 354 to obtain the stored postage indicia fi^om the centralized postage-issuing computer 
5 systems 356. The centralized postage indicia generation methodology offers a host of new 
security enhancements. Thus, if one makes the assumption that any mail piece validation tool 
would have access to the Memet (e.g., a laptop with a wireless Ihtemet connection on a 
loading dock, or a desktop personal computer (PC) located in a mail processing faciUty), then 
one may greatly simpUfy the information contained on the mail piece itself if the mail piece 
10 was generated with a centralized postage service. 

Turning now to Figs. 16-18, the stinictural details of the postage system 350 will now 
be described. For purposes of brevity, the tracking ID related components have not been 
included in the shucture details of the postage system 350. It should be noted, however, that 
such tracking ID components could be incorporated in the postage system 350 to provide 
15 trackmg ID functionality to the postage system 350 similar to tiiat of the postage system 300. 

With specific reference to Fig. 16, each end user computer 358 contains conventional 
computer hardware, including a user interface 802, data processing circuitry 808 (such as, 
e.g., a Central Processor Unit (CPU)), and communications interface 810, which are similar 
to the same-named components of tiie previously described end user computer 308 and will 
20 tiius not be described in fiuHier detail. The end user computer 358 fiirther comprises local 
memory 811, which is similar to the local memory 41 1 of the previously described end user 
computer 308, with the exception that it includes a set of mail handling modules 812 
configured to handle indexing identifiers, rather tiian tiackmg ID's and postage indicia. 

Specifically, the mail handling modules 812 include an indexing identifier request 
25 module 814, communications module 8 1 8, and indexing identifier printing module 820. The 
indexmg identifier request module 814 is configured for generating a request for an indexing 
identifier. In the illustrated embodiment, this request takes the form of a query stream (e.g., 
in Extensible Markup Language (XML) format), and contains information specific to the 
immediate postage dispensing transaction (such as, e.g., the user's meter or account ID, the 
30 user account password, postage requested, service class, optional data advance, and ZIP+4+2 
of the delivery address), ilie communications module 818 is configured for handling 
communications with the centralized postage-issuing computer system 356 over the 



47 



BNSOOCIO: <WO ^03O44e2OA2J_> 



wo 03/044620 PCT/US02/33024 

communications link 364 (such as, e.g., transmitting indexing identifier requests and 
receiving indexing identifiers in response thereto). The indexiag identifier printing module 
820 is configured for printing an indexing identifier 203 received from the centraUzed 
postage-issuiQg computer system 356 on a label 201. The completed label 201 is similar to 
5 the completed label 200 illustrated in Fig. 4, with the exception that the indexing identifier is 
printed thereon rather than a postage indicium and tracking ED. 

The indexing identifier can be printed on the label 201 in various formats. For 
example. Fig. 19 illustrates a two-dimensional barcode 256, which represents the indexing 
identifier. As can be seen, the two-dimensional barcode 256 is much smaller than two- 

10 dimensional barcodes that represent a fiill postage indiciimi, because it contains much less 
information, i.e., a unique identifier. In this case, the unique identifier is composed of a 
postage vendor ID (07), user account number (500361), and piece count (1221'* piece 
generated for this user account). In fact, the information makes the indexing identifier is so 
minimal, that a one-dimensional barcode can be used. For example, a Code 128 barcode 258 

15 illustrated in Fig. 20, or postal-specific barcode topology, such as the POSTNET or PLANET 
barcode 260 illustrated in Fig. 21, can be used to represent the postage vendor ID, account 
number, and piece count of the indexing identifier. Even more alternatively, use of a barcode 
can be omitted altogetiier, and tiie indexing identifier can simply be printed on the mail piece 
as numerical data 262, as illustrated in Fig. 22. The numerical data 262 can be read by 

20 Optical Character Recognition (OCR) software, the speed of which is compatible with mail 
processing requirements. Note that although the examples in Figures 19, 20, 21 and 22 used 
the unique combinations of postage vendor ID, accoxmt niimber and piece count, one could 
alternately employ a postal authority assigned tracking number as the unique indexing 
identifier. 

25 Thus, the use of smaller two-dimensional barcodes or the simpler one-dimensional 

barcodes or digital data reduces the footprint required on the mail piece, and leaves that much 
more room for addressing, advertising, etc. This reduction in data also reduces tiie load on 
high speed printers, which have difficulty placing custom, non-static barcode images on mail 
pieces without compromising their rated speed (often 10,000-30,000 pieces per hour). 

30 Standard text can be printed at fiiU speed, and most high-speed printers have one-dimensional 
barcode software (e.g.. Code 128) in the printer firmware. Therefore, use of an indexing 
identifier, rather than a fiill postage iadicium, opens the IBIP market to mass mailers, which 
account for the bulk of USPS letter mail revenue. Not only will use of the indexing identifier 
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reduce printing costs, it will also reduce capital expenditure costs for barcode reading 
hardware. If OCR readable data is used for the indexing identifier, OCR capabilities, which 
the USPS already has extensive experience, can be used. 

Witibi specific reference to Fig. 17, each centralized postage-issuing computer system 
5 356 comprises data processing circuitry 820 (such as, e.g., a Central Processor Unit (CPU)) 
and a communications interface 822, which are similar to the same-named components of tiie 
previously described centralized postage-issuing computer system 305 and will thus not be 
described in further detail. The centralized postage-issuing computer system 356 finrther 
comprises a local memory 824, which is similar to the local memory 424 of the previously 
10 described centralized postage-issuing computer system 305, with the exception that it 
includes a set of postage dispensing modules 826 configured to index and store postage 
indicia, and transmit an indexing identifier, rather than the complete postage indicia, to the 
end user computers 358. The local memory 824 fijrther includes, in addition to a customer 
database 828, postage database 830, and finance database 832, a postage indicia database 831 
1 5 for storing the indexed postage indicia. 

Specifically, the postage dispensing modules 826 include a communications module 
834, database management module 836, indexing module 838, indexed identifier request 
validation module 840, and postage indicium generation module 842. The communications 
module 834 is configured for handling communications with the end user computers 358 over 
20 the cormnunications links 364 (such as, e.g., receiving indexing identifier requests and 

transmitting indexing identifiers). The database management module 836 is configured for 
storing and retrieving pertinent information in and fi-om the customer database 828, postage 
database 830, and finance database 832, as well as for storing and retrieving indexed postage 
indicia in and firom the postage indicia database 831. The postage indicia can include, e.g., 
25 the postage amount, date and time the postage indicium was created, service class, optional 
data advance, delivery zip code, and tracking ID (if the mail piece is a tracked piece). The 
indexing identifier request validation module 840 is configured for validating indexing 
identifier requests received firom the end user computer 358 by, e.g., validating Ibe meter or 
account ID and account password in the indexing identifier request in relation to the same 
30 information contained in the customer database 828. 

The postage indicium generation module 842, along witii a corresponding private key 
844, is configured for generating a self-validating postage indicium in response to each 
indexing identifier request received firom the end user computer 358. In generating the self- 
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validating postage indicium, the postage indicium generation module 842 comprises (1) a 
postage indicium generation submodule 846 for generating a postage indicium; (2) a digital 
sigoature generation submodule 848 for deriving a digital signature from the postage 
indicium using the private key 844; and (3) an association submodule 850 for associating the 
5 digital signature with the postage indicium to generate the self-validating postage indicium. 
In the illustrated embodiment, the self-validating postage indicium contains the same 
information as the postage indicium previously set forth in Table 2. The indexmg module 
838 is configured for associating the indexuig identifier transmitted to the end user computer 
358 with the postage indicium stored within the postage indicia database 831. 

10 It is noted that the elimination of the digital signature on the mail piece itself does not 

compromise security, since the postage indicium stored in the postage indicia database 831 of 
the centralized postage-issuing computer system 356 is digitally signed in accordance with 
the USPS IBIP specifications. The presence of the digital signature somewhere in the 
security model addresses one major concem of the USPS — ^that fraud attacks are very likely 

15 to involve "msiders" employed by the postage vendor. To fiirther ensure that the security 
system is impervious to even an insider attack, all security-critical operations such as 
indicium signing are actually accomplished within a Federal Information Processing Standard 
(FIPS-140/Level 4)-approved, physically secure coprocessor device (such as, e.g., an IBM 
4758). 

20 With specific reference to Fig. 1 8, the postage validation computer system 362 

comprises data processing circuitry 880 (such as, e.g., a Central Processor Unit (CPU)), and 
communications interface 882, which are similar to the same-named components of the 
previously described centralized postage-issuing computer system 305 and will thus not be 
described in further detail. The postage validation computer system 362 fiirther comprises 

25 postage scanning stations 884, include the software and hardware necessary for reading the 
indexed identifiers on each mail piece and displaying it in a human-readable format for postal 
verifiers. If the indexed identifiers are printed on the mail pieces in a two-dimensional or 
one-dimensional barcode format, the postage scanning stations will be equipped with barcode 
readers and accompanying software capable of reading these barcodes. If the indexed 

30 identifiers are printed on the mail pieces in a numerical data format, the postage scanning 
stations 884 will include OCR equipment. The postage validation computer system 362 
fijriher comprises a local memory 886, which is similar to the local memory 486 of the 
previously described central postage validation computer system 312, with die exception that 
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it validates mail pieces using the postage indicia obtained from the centralized postage- 
issuing computer system 356, rather than postage indicia printed on the mail pieces. 

The postage validation modules 888 include a communications module 892, database 
management module 893, postage indicia vaUdation module 894, and postage indicia request 
5 module 895. The postage indicia request module 895 is configured for generating a request 
for postage indicium. In the illustrated embodiment, this request takes the form of a query 
stream (e.g., in Extensible Markup Language (XML) format), and contains the indexing 
identifier read from the mail piece and a password. The communications module 8 1 8 is 
configured for handling communications with the centralized postage-issuing computer 
10 system 356 over the communications link 368 (such as, e.g., transmitting postage indicium 
requests and receiving postage indicia in response thereto). The postage indicia validation 
module 894 is configured for validating the postage indicia obtained from the centralized 
postage-issuing computer system 356, and includes a public key association submodule 896, 
pubUc keys 897, and digital signature verification submodule 898, which are similar to the 
1 5 same-named components in the previously described postage validation computer system 
312, and will thus not be fiurther described. 

Referring to specifically Fig. 23, and with general reference to Figs. 15-17, the 
procedures for indexing a postage indicivmi and applying an indexed identifier to the label 
201 will now be described. At steps 900-904, the end user computer 358 generates and 
20 transmits a indexing identifier to the centralized postage-issuing computer system 356. In 
particular, the end user operates the user interface 802 of the end user computer 804 to 
request an indexing identifier and enter postage information to be associated with the postage 
indicium (step 900). The indexing identifier request module 814 tiien generates an indexing 
identifier request with the associated postage information (step 902). The communications 
25 interface 810 then, under control of the communications module 818, transmits the indexing 
identifier request over the communications link 364 (step 904). 

At steps 906-910, the centralized postage-issuing computer system 356 receives and 
validates the indexing identifier request from the end user computer 358, and records the 
postage mformation contained in the postage indiciimi request, as well as any other 
30 transaction specific pertinent information. In particular, the communications interface 822, 
under control of the communications module 834, receives the indexing identifier request 
over the communications link 364 (step 906). The indexing identifier request validation 
module 840 then validates the indexing identifier request by validating the user account ID 
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and account password (step 908). If the user account ID or password does not correspond to 
an active user account, an error message is generated. The database management module 836 
then updates the customer database 828 and postage database 830 with the pertinent 
transaction specific information (step 910). 

5 At steps 912-916, the ceutralized postage-issuing computer system 356 then generates 

the self-validating unique postage indicium. Specifically, the postage indicium generation 
submodule 946 generates a postage indicium containing the items set forth in Table 2 (step 
912). The digital signature generation submodule 848 then derives a digital signature fi-om 
the postage indicium by applying the private key 844 thereto (step 914). The association 
10 submodule 850 then generates the self- validating postage indicium by associating the digital 
signature with the postage indicium (step 916). 

At steps 918-922, the centralized postage-issuing computer system 356 then indexes 
and records the self-validating postage indicium, and transmits the indexing identifier to the 
end user computer 358. Specifically, the indexing module 838 indexes the self-validating 
1 5 postage indicium by associating the indexing identifier therewith (step 918). The database 
management module 836 then stores the indexed self-validating postage indicitun in the 
postage indicia database 831 (step 920). The communications interface 822 then, under 
control of the communications module 834, transmits the indexing identifier over the 
communications link 314 (step 922). 

20 At steps 924 and 926, the end user computer 554 receives the indexing identifier jfrom 

the centralized postage-issuing computer system 356 and prints it on the label 201 . In 
particular, the commimications interface 810, under control of the communications module 
818, receives the indexing identifier over the communications link 364 (step 924). The 
indexing identifier printing module 820, prompted by the end user via the user interface, then 

25 prints on the label 201 the two-dimensional barcode 256, either of the one-dimensional 

barcodes 258 or 260, or the alpha-numerical data 262 (step 926). The label 201 can then be 
applied to the appropriate mail piece. 

Referring to specifically Fig. 24, and with general reference to Figs. 15, 17, and 18, 
the procedures for validating the postage on a mail piece using a non-stand-alone procedure 
30 will now be described. It should be noted that the order of the validation steps in the 
procedure is completely variable and will likely vary from implementation to 
implementation. 
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At Step 1000, the postal verijaer operates a postage scanning station 884 within the 
postage validation computer system 362 to read the indexing identifier (i.e., the two- 
dimensional barcode 256, one-dimensional codes 258 or 260, or alpha-nmnerical data 262) 
on the label 201 of the mail piece and display its contents to the verifier. 

5 At steps 1 002-1 004, the postage validation computer system 362 requests firom the 

centralized postage-issuing computer system 356 the self-validating postage indicium 
associated with the indexing identifier read from the mail piece. In particular, the postage 
indicia request module 895 generates a postage indicium request carrying the indexing 
identifier and the password (step 1002). The communications interface 882 then, under 
10 control of the communications module 892, transmits the postage indiciiun request over the 
communications link 368 (step 1004). 

At steps 1004-1010, the centralized postage-issuing computer system 356 then 
receives the postage indicium request, and retrieves and transmits to the postage validation 
computer system 362 the self-validating postage indicium corresponding to the inspected 

15 mail piece. In particular, the coinmunications interface 822, under control of the 

communications module 834, receives the postage indicium request over the communications 
link 368 (step 1006). The database management module 836 then retrieves firom the postage 
indicia database 831 the self-vaUdating postage indicium corresponding to the received 
indexing identifier (step 1008). The communications interface 822 then, imder control of the 

20 commimications module 834, transmits the self-validating postage indicium over the 
commimications link 368 (step 1010). 

At steps 1012 and 1014, the postage vaUdation computer system 362 receives the self- 
validating postage indiciimi fi-om the centralized postage-issuing computer system 356 and 
displays its contents to the postal verifier. In particular, the communications interface 882 

25 then, imder control of the communications module 892, receives the self-validating postage 
indicium from the centralized postage-issuing computer system 356 over the conamunications 
link 368 (step 1012), and the postage scanning station 884 displays its contents to the postal 
verifier (step 1014). At step 1016, the verifier then manually compares the contents of the 
self-validating postage indicium to the human-readable information (e.g., mailing date, 

30 postage amount, origin of mail piece, and destination of mail piece) on the mail piece. If the 
contents of the self-validating postage indiciimi do not match the human-readable 
information, this is an indication of likely fraudulent use of a postage indiciiun and is treated 
as such. 
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At steps 1018-1020, the postal verifier validates the postage indicium itself by 
operating the postage indicia validation module 894. In particular, the pubUc key association 
submodule 896 obtains from the set of pubUc keys 897 the public key corresponding to the 
Certificate Serial Number (item #3 in Table 2) within the postage indicium (step 1018). The 
digital signature verification submodule 898 then verifies the digital signature of the postage 
indicium to determine if they are consistent (step 1020). If the verification process returns a 
Boolean true, this indicates that the postage indicium was in fact generated by a secure 
central computer 356 for a mail piece of the same approximate weight, origin and destination 
as the mail piece being processed. If copy fraud is to be detected, a copy fraud detection 
process using unique identifiers or similar to Ihe process disclosed with respect to Fig. 14 can 
be utilized. 

After the postage has been validated or rejected, the database management module 
893 stores Ihe postage information, along with the results of the vaUdation process (step 
1022). IfvaUd,themailpieceisthensubmittedfornormaldehveryprocessing (step 1024). 

It should be noted that rather than have the postal verifier vaUdate the postage 
indicium, the centraHzed postage-issuing computer system 356 itself can validate Ihe postage 
indicium. In this case, the postage indicia validation module 894 will be located in the 
centralized postage-issuing computer system 356. Thus, after Ihe centralized postage-issuing 
computer system 356 retrieves the self-vahdating postage indicium corresponding to the 
20 indexing identifier at step 1008, it will vahdate the postage indicium itself using a 

corresponding public key. If it is vaUd, the centraUzed postage-issuing computer system 356 
will transmit a Boolean true, along with the afready validated postage indicium, to the 
postage vaUdation computer system 362, which will then perform postage validation steps 
1012, 1014, 1020, and 1022. If it is invalid, the centralized postage-issuing computer system 
356 ^11 transmit a Boolean false to the postage vaUdation computer system 362, which will 
then store the results of the validation process as being invaUd at step 1020. 

The use of an tracking ID as an indexing identifier not only allows the postal service 
to vaUdate the postage on mail pieces that bear the tracking ID, it provides the recipient of the 
mail piece ameans for verifying that the mail piece was sent from a tiiisted individual. 
30 Referring to Figs. 34 and 35, a means is provided for allowmg a mail recipient to enter a 

tracking number (Fig. 34) and obtaining identification information concerning the sender of 
the mail piece bearing the ticking number (such as, e.g., the name of the sender, employer of 
sender, if appUcable, and the address and zip code of the sender) and related postage 
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infoxmation (such as, e.g., the date the mail piece was sent, the weight of the mail piece, mail 
class, etc.) (Fig. 35). The centralized postage-issuing computer system 356 illustrated in Fig. 
17, and a mail recipient computer 378 illustrated in Fig. 36 are used to perform this process. 

The centraUzed postage-issuing computer 356 is configured in the same manner as 
5 previously described, but now optionally stores information relating to the sender of the mail 
piece. This can be stored in the postage database 830 or elsewhere. In reality, as a matter of 
course, the sender information is routinely stored in the centralized postage-issuing computer 
356, as well as transmitted to the USPS, when the sender obtains an account with the postage 
vendor. Thus, these **meter holders" are known to the postage vendor and the USPS, and can 
10 be considered to be trusted individuals or entities. 

Importantly, this sender identification information, along with postage information, 
can be easily retrieved by the centralized postage-issuing computer 356 upon receipt of the 
indexing identifier, and specifically, an associated tracking ID. With specific reference to 
Fig. 36, the mail recipient computer 378 is similar to previously described end user 

1 5 computers in that it contains conventional computer hardware, including a user interface 
1302, data processing circuitry 1308 (such as, e.g., a Central Processor Unit (CPU)) for 
executing programs, a communications interface 1310 (such as, e.g., a modem, LAN 
connection, or Internet connection) for handling communications with the centralized 
postage-issuing computer system 356 over a communications link 384, and local memory 

20 1311. The user interface 1 302 is configured to allow the mail recipient to request sender and 
related postage information. The local memory 1311, which will typically include both 
random access memory and non-volatile disk storage, stores a set of sender verification 
procedures that are embodied in software modules 1312, which includes a sender 
identification request module 1314 and a communications module 1318. 

25 The sender identification request module 13 14 is configured for generating a request 

for sender identification information, along with associated postage information. In the 
illustrated embodiment, this request takes the form of a query stream (e.g., in Extensible 
Markup Language (XML) format), and contains the unique tracking ID printed on the 
received mail piece. The communications module 1318 is configured for handling 

30 communications with the centralized postage-issuing computer system 356 over the 
commxmications link 384 (such as, e.g., transmitting sender identification requests and 
receiving sender identification information and associated postage information in response 
thereto). 
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Referring to Fig. 37, and with general reference to Figs. 34-36, the procedures for 
verifying the sender of a mail piece will now be described. It is assumed that the tracking ID 
(as the indexing identifier) and sender identification information, along with the postage 
information, has already been recorded in the centralized postage-issuing computer system 

5 356, and specifically the postage database 830, when the tracking number and postage was 
issued to the end user (presumably, the sender of the mail piece). At steps 1400-1404, the 
mail recipient computer 378 generates and transmits a request for sender identification 
information to the centralized postage-issuing computer system 356 by entering the tracking 
ID printed on the received mail piece into the user interface 1302, which displays a window 

10 similar to the one illustrated in Fig. 34. The sender identification request module 414 then 
generates a sender identification request with the associated tracking ID (step 1402). The 
commxmications interface 1310 then, under control of the communications module 1318, 
transmits the sender identification request over the communications link 384 (step 1404). 

At steps 1406-1410, the centralized postage-issuing computer system 356 then 
15 receives the sender identification request, and retrieves and transmits to the mail recipient 
computer 378 the sender identification information and associated postage information 
corresponding to the received mail piece. In particular, the communications interface 822, 
under control of the communications module 834, receives the sender identification request 
over the conmiunications fink 384 (step 1406). The database management module 836 then 
20 retrieves firom the postage database 830 the sender identification information and associated 
postage information corresponding to the received trackiag ID (step 1408). The 
communications interface 822 then, under control of the commumcations module 834, 
transmits the sender identification information with the associated postage information over 
the communications link 384 (step 1410). 

25 At steps 1412 and 1414, the mail recipient computer 378 receives the sender 

identification information and associated postage information from the centralized postage- 
issuing computer system 356 and displays it to the mail recipient. Li particular, the 
communications interface 1302 then, under control of the conmiunications module 1318, 
receives the sender identification information and associated postage information fi-om the 

30 centralized postage-issuing computer system 356 over the commxmications link 384 (step 

1412), and the user interface 1302 displays this information to the mail recipient (step 1414), 
and specifically in a window similar to that illustrated in Fig. 35. Thus, the mail recipient can 
determine firom this whether the sender is a trusted entity, e.g., if the mail recipient is famihar 
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with the displayed name of the sender. It should be noted that the fact that the centralized 
postage-issuing computer system 356 was capable of retrieving and transmitting the sender 
identification information to the mail recipient computer 378 for display thereon is a strong 
indication that the sender is a trusted entity, since individuals or entities that maintain 
5 accounts with the postage vendor can typically be considered to be trusted. An insidious 
individual bent on wreaking havoc through the postal system would typically not maintain a 
trackable accoxmt with a postage vendor. 

The use of a tracking ID in the postage indicium or as an indexing identifier not only 
faciUtates the postal service in detecting postage firaud and protecting package recipients firom 

10 insidious individuals, but also faciUtates the postal service in issuing refimds for unused 

postage. Consider a misprint scenario where an end user attempts to print an Express Mail 
label and the printing process fails in some way even though the postage was issued. The end 
user still wants to ship the package, so he/she will take corrective measures and print a 
second Express Mail label. The second label will have the identical destination address (in 

15 particular the same ZIP+4+2 zip code, the same postage amount, but a different tracking ID, 
which is issued on a per-print basis. This scenario creates a database structure that 
conceptually holds the information set forth in Table 3 below. 



Table 3: Express Mail Label Misprint Scenario 



Date/Time 


Account 


ZIP+4+2 


Service 
Class 


Postage 


Weight 


Piece 
Count 


Tracking 
Number 


Delivery 
Status 


9/9/01: 
15:16:01 


500318 


94301104147 


Express 


22:34 


4 


2445 


330343434334 


Submitted 


9/9/01: 
15:19:01 


500318 


94301104147 


Express 


22:34 


4 


2446 


330343456301 


Delivered 



A digital signature protects the integrity of the information in the database. It should 
be noted that the data set forth in Table 3 alone is strongly suggestive of a misprint scenario. 
But a much stronger case can be made several days later, when the tracking ID's can be 
statused agaiust the postal authority's (e.g., USPS) tracking system using a simple Intemet 
25 transaction. If the end user never mailed a package with the &st label (tracking ID 

330343434334), it will never achieve a status of "delivered." On the other hand, one should 
see a "deUvered" status on the second transaction if one waits a sufficient amount of time 
(e.g., 2-10 days). 
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With reference to Fig. 25, a postage system 380 comprises a centralized postage 
indicia generation system 382, which includes a multitude of centralized postage-issuing 
computer systems 386, each of which includes a multitude of end user computers 388. The 
postage system 380 also generally comprises a postal service 384, which includes a master 
5 tracking computer system 390 and a postage refund center 392. The centraUzed postage- 
issuing computer system 386, end user computer 388, and master tracking computer system 
390 communicate with each other over communications links 394 and 396 (such as, e.g., 
LAN, Intemet, or tel^hone network). 

These components are generally similar to the same-named components of the 
10 postage system 300, but differ somewhat in that it provides a means for providing refunds for 
unused postage. In this embodiment, in response to postage refund inquiries from an account 
administrator, each centraUzed postage-issuing computer system 386 retrieves previously 
stored postage transaction information, which contains, for each postage transaction, a 
tracking ID and an associated deUvery status. The centralized postage-issuing computer 
1 5 system 386 filters the retrieved postage transaction information for pertinent refimd 

information, and displays it to the account adnainistrator who determines whether there is 
unused postage to be refunded. The delivery status within the stored postage transaction 
information is updated by the master tracking computer system 390. 

The refund inquiry can take a variety of formats. For example, a refimd eUgible 
20 inquiry can reveal postage transaction information that meets the foUowdng criteria: (1) two 
or more transactions; (2) none of the transactions have ever been refunded in the past; (3) 
issued for the same account; (4) issued on the same day; (5) issued to the same destination; 
(6) issued for tiie same service class; (7) issued for the same postage amount; and (8) each 
transaction has an associated unique tracking ID. Fig. 26 illustrates exemplary results of a 
25 refund eligible inquiry. As can been seen, the display information meets the afore-described 
criteria. The account administrator can simply select the refimd option and the following 
steps will occur automatically: (1) the end user's account will be credited for the misprint; (2) 
the misprint postage transaction information will be date/time stamped in the postage 
database and flagged as "refunded"; (3) a refund request is issued to postage refund center 
30 392; and (4) the refunded postage transaction is entered into a statusing database, so that the 
delivery status can be checked for six months. 

It should be noted that the date of this query is August 23, 2001, and the postage 
transactions in question were completed three days earlier. The USPS deUvery status for the 
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first package presents the phrase "Your item was accepted at 10pm on August 21 in Palo 
Alto, CA 94301 . This phrase is misleading in that it infers that the USPS actually took 
possession of this package. In reality, it only indicates the date/time in which the tracking 
inforaiation was posted to the master tracking computer system. When this message persists 
5 for days or weeks, one much conclude that the tracking ID was indeed issued, but the 

package never entered the postal system. As another example, an audit inquiry can reveal all 
postage transaction inforaiation in a specific user account. 

This process provides a complete audit trail even through there is no mail piece 
specimen. The process not only has utility for misprint scenarios that do not produce a 

10 scaimable specimen, but it can also be used for misprints that do produce a scannable 

specimen. Normally, the specimen must be mailed to the postage vendor, which involves an 
additional mailing expense for the end user, as well as an additional effort for both end user 
and postage vendor. This process would allow end users to simply destroy misprint 
specunens if they met the refund criteria Usted above. In essence, the evidence supporting 

15 the refimd is electronic and not paper-based. 

It should be noted that the entire process is enabled by the confluence of the 
centralized postage system concept and the unique tracking ID. Mail pieces devoid of a 
unique tracking ID would not be eligible for this refimd process, nor would mail pieces 
created by postage metering technologies, which are not centralized (e.g., conventional 
20 postage meters or PC-postage meters that draw upon a local * Vault" of fimds to create 
postage indicia). 

Means can also be provided to automatically poll the delivery status of a "refimded" 
mail piece after tiie refimd is processed. This process will continue for a period of several 
months. If fiie master tracking computer system suddenly shows a change in delivery status 
25 for that refimded mail piece, an automated alert is forwarded to the postal authorities and an 
investigation can be laimched. 

A refimd inquiry can also be in the form of an audit review of all postage transactions 
in a user account. Fig. 27 illustrates exemplary results of an audit review. The accoimt 
administrator can review the Ust of postage transactions for duplicate postage transactions. 
30 Once a dupUcate postage transaction is suspected, the account administrator can click "Get 
Status" to determine if the mail piece associated with either of the duplicate postage 
transactions has been delivered. A refimd inquiry can also be in the form of a refimd pattern 



59 



BNSDOCID: <WO ^0304462QA2J_> 



wo 03/044620 PCT/US02/33024 

audit. Fig. 28 illustrates exemplary results of a refund pattern audit performed on the 
customers of a particular postage vendor. As can be seen, the account administrator can 
determine the refund percentage (by piece and total postage amount) of each customer. 

Turning now to Figs. 29 and 30, the structural details of the postage system 380 will 

5 now be described. Each end user computer 388 is similar to the previously described end 
user computer 308 illustrated in Fig. 4, and will thus not be described in further detail here. 
With specific reference to Fig. 29, each centralized postage-issuing computer system 386 
comprises data processing circuitry 1 120 (such as, e.g., a Central Processor Unit (CPU)) and 
a commimications interface 1122, which are similar to the same-named components of the 

10 previously described centraUzed postage-issuing computer system 305 and will thus not be 
described in further detail. The centralized postage-issuing computer system 386 further 
comprises a local memory 1 124, which is similar to the local memory 424 of the previously 
described centralized postage-issuing computer systCTi 305, with the exception that it 
includes postage dispensing/refund eUgibiUty modules 1 126 that are configured to 

1 5 additionally store and retrieve postage transaction information that includes a tracking ID and 
an associated dehvery status for that tracking ID. The local memory 1 124 further includes, in 
addition to a customer database 1 128 and a finance database 1 132, a postage database 1 130 
for storing the tracking ID and associated delivery status in addition to other postage 
information previously described with respect to the postage database 430. The centralized 

20 postage-issuing computer system 386 further comprises a user interface 1 123, which includes 
a keyboard 1 125 and a display 1 127, which as will be described below, allows the account 
administrator to issue a refund inquiry. 

Specifically, the postage dispensing/refund eUgibility modules 1 126 include a 
communications module 1 134, database management modtde 1 136, tracking ID request 

25 module 1 138, postage indicium request vaUdation module 1 140, postage indicium generation 
module 1 142, deUvery status request module 1143, filtering module 1145, refund inquiry 
module 1 147, and refund display module 1 149. The delivery status request module 1 143 is 
configured for generating a request for the delivery status for each tracking ID stored in the 
postage database 1 130. The filtering module 1 145 is configured for variously generating 

30 refund information by filtering and formattmg the postage transaction information retrieved 
from the postage database 1 130, as will be described in fiirther detail below. In addition to 
being configured for providing the communications previously described with respect to the 
communications module 434, the communications module 1 134 is configured for 



60 



BNSDCX5ID: <WO ^03044620A2J_> 



wo 03/044620 PCT/US02/33024 

transmitting delivery status requests to, and receiving confirmatory delivery status 
information firom, the master tracking computer system 890 over the commmiications link 
896. 

The database management module 1 136 is configured for storing and retrieving 
5 p^nent information in and fcom the customer database 1 128, postage database 1 130, and 
finance database 1 132. This function includes storing and retrieving a tracking ID and an 
associated delivery status, and updating that associated delivery status with confirmatory 
delivery status information received firom the master tracking computer system 890. As will 
be described iu fiirther detail, the confirmatory delivery status information indicates whether 

10 a mail piece carrying a tracking ID has, in fact, been delivered. The refund inquiry module 
1 147 is configured for generating an inquiry for postage refund information. In the illustrated 
embodiment, the inquiry contains a user accoxmt ID and password and the refund inquiry, 
which as previously discussed, can include various types. The refund display module 1 149 is 
configured for displaying on the display 1 127 the postage refund information filtered by the 

15 filtering modiile 1 145. 

The tracking ID request module 1138, postage indicium request validation module 
1 140, and postage indicium generation module 1 142 (and corresponding private key 1 144) 
are configured to perform the same functions described with respect to the tracking ID 
request module 438, postage indicium request validation module 440, and postage indicium 
20 generation module 442 (and corresponding private key 444), and will thus not be described in 
further detail. 

Alternatively, a centralized postage-issuing computer system, in combination with the 
refund inquiry functionality, can be constructed similarly to the centralized postage-issuing 
computer system 307, wherein tracking ID's are issued to end user computers by the 

25 centralized postage-issuing computer system from a pool of pre-stored unassigned tracking 
ID'S, or even more alternatively, wherein no tracking ID issuing fimctionality, in which case, 
the master tracking computer system directly issues tracking ID's to tihe end user computer. 
A centralized postage-issuing computer systraa, in combination with the refund inquiry 
fimctionahty, can be cotistructed similarly to the centralized postage-issuing computer system 

30 356, wherein self-validating postage indicia are stored in the centraUzed postage-issuing 
computer system and indexing identifiers are transmitted to the end user computers. 
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Referring specificaUy to Fig. 30, the master tracking computer system 390 comprises 
data processing circuitry 1 164 (such as, e.g., a Central Processor Unit (CPU)) and a 
communications interface 1166, which are similar to the same-named components of the 
previously described master tracking computer system 310 and will thus not be described in 
5 further detail. The master tracking computer system 390 further comprises a local memory 
1 168, which is similar to the local memory 468 of the previously described master tracking 
computer system 310, with the exception that it includes tracking information maintenance 
modules 1 170 that, in addition to generating and maiutainmg unique tracking ID's, keep track 
of the deUvery status of the mail pieces carrying these tracking ID's. The local memory 468 
10 further includes a tracking information database 1172, which stores unique trackmg ID's and 
postage information, including the delivery status associated with the tracking ID's. 

The tracking information maintenance modules 1 170 include a communications 
module 1 174, tracking ID allocation module 1 176, database management module 1 178, and 
refunded postage pollmg module 1 180. hi addition to being configured for providing the 
15 communications previously described with respect to the communications module 474, the 
communications module 1 174 receives deUvery status requests from, and transmits 
confirmatory dehvery status mformation to, each centrahzed postage-issumg computer 
system 886 over the communications links 896. The confirmatory deUvery status 
information is obtained from tracking stations (not shown), which scan tracked mail pieces 
20 when they are deUvered. The tracking ID allocation module 1 176 is configured for 

performing the same functions as the trackmg ID allocation module 476 previously described 
in the master tracking computer system 310. The database management module 1 178 is 
configured for storing and retrieving assigned tracking ID's and associated postage 
information (including deUvery status) to and from the tracking information database 1 172. 
25 The database management module 1178 is further configured for updating the tracking 

information database 1 172 with refimd information. That is, if a specific postage transaction 
has been refunded, the database management module 1 178 will associate a refimd indicator 
witix tiie postage mformation relating to flie specific postage transaction. The refimded 
postage polUng module 1 180 periodically polls the tracking information database 1 172 to 
30 determine if a mail piece associated wifli any refunded postage transaction has been 
deUvered. 

Referring to specifically Fig. 31, and with general reference to Figs. 29 and 30, the 
procedure for accumulating and updating the postage transaction information, including the 
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tracking ID's and associated delivery status, will now be described. At step 1200, tracking 
ID'S are issued and applied to a multitude of mail pieces, as previously described. 
Specifically, the tracking ID's can be indirectly issued firom the master tracking computer 
system 390 to the end user computers 388 via the centralized postage-issuing computer 
5 system 386, as in steps 500-525 of Fig. 9. Altematively, the tracking ID's can be directly 
issued from the centralized postage-issuing computer system 386, as in steps 528-544 of Fig. 
10. Even more alternatively, the tracking ID's can be directly issued from the master tracking 
computer system 390 to the end user computers 388, as in steps 546-578 of Fig. 12. At step 
1202, self-validating postage indicia are dispensed and applied to the mail pieces, which is 
10 described in detail as steps 600-622 of Fig. 13. 

At step 1204, the postage transaction information, along with the tracking ID's and 
associated delivery status, is recorded. Specifically, the database management module 1136 
stores the postage transaction information in the postage database 1 130. At step 1206, the 
multitude of mail pieces are processed through the postal authority, which in this case, is the 
15 USPS. At step 1208, the postal authority, upon delivery of the mail pieces to their intended 
destination, reads the tracking ID's on the mail pieces. At step 1210, this delivery 
information is transmitted to and recorded in the master tracking computer system 390. 
Specifically, the database management module 1 178 updates the confirmatory delivery status 
information in the tracking information database 1 172 by changing the status from 
20 "accepted" to "delivered," 

At steps 1212 and 1214, the centralized postage-issuing computer system 386 
generates and transmits a delivery status request to the master tracking computer system 390. 
Specifically, the delivery status request module 1 143 generates a dehvery status request (step 
1212), and the communications interface 1 122 then, under control of the communications 
25 module 1 134, transmits the delivery status request over the communications link 396 (step 
1214). At steps 1216-1220, the master tracking computer system 390 receives the delivery 
status request from the centralized postage-issuing computer system 386 and transmits the 
confirmatory delivery status information to the centralized postage-issuing computer system 
386. Specifically, the communications interface 1 166, under control of the conmnmications 
30 module 1 174, receives the delivery status request over the communications link 396 (step 
1216). The database management module 1 178 then retrieves the confirmatory delivery 
status information from the tracking information database 1 172 (step 1218), and the 
communications interface 1166 then, under control of the communications module 1174, 
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transmits the confiimatory deUvery status infonnation over the communications link 316 
(sten 1220). Alternatively, the confiimatory deUvery status infomiation can periodically be 
do' , iiloaded from the master tracking computer system 390 without prompting by the 
centralized postage-issuing computer system 386. 

5 At steps 1222 and 1224, the centralized postage-issuing computer system 386 receives 

the confirmatory deUvery status information from the master tracking computer system 310 
and updates the deUvery status within the stored postage transaction information with the 
confiimatory deUvery status infonnation. In particular, the communications interface 1222, 
under control of the communications module 1234, receives the confirmatory delivery status 
10 information over the communications Unk 396 (step 1222). The database management 

module 1136 then updates the deUvery status within the postage database 1 130 (step 1224). 
If tne confirmatory deUvery status infonnation indicates that the mail piece carrying the 
tracking JD has been deUvered, the deUvery status associated with that fracking ID wiU be 
updated as deUvered. If Hie confinnatory deUvery status infonnation indicates that the mail 
1 5 piece carrying the tracking ID has not been deUvered. the deUvery status associated with that 
tracking ID wiU be updated as not deUvered. 

Referring to specifically Fig. 32, and with general reference to Fig. 29, the procedures 
for issuing a refimd will now be described. At step 1230, the account administrator operates 
the user interface 1 123 of the centralized postage-issuing computer system 386 to make a 
20 n: vmd inquiry. The type of refimd inquiry can be, e.g., any of the three refiind inquiries 
o jribed above (refund eUgible inquiry, audit review, or refund pattern audit), but for 
purposes of the following explanation the refund eUgible inquiry will be described. At step 
1232. Hie database management module 1 136 retrieves for a specific user account the postage 
transaction infonnation from the postage database 1 130. At step 1234. the filtering module 
25 1 145 selects the postage transaction information representing dupUcative postage transaction. 
Tn particular, it selects tiie postage transactions that cany tracking ID'S that have never been 
refimded in the past, that are issued for the specific user account, and tiiat have identical key 
postage transaction items, i.e., postage transaction date, destination zip code, service class, 
and postage amount. At step 1236, tiie filtering module 1 145 then detennines if any of the 
30 delivery statises for the selected postage transactions indicates that a mail piece has been 

deUvered. If so, it is detennined that a refiind for that postage transaction is forthcoming, hi 
thi- case, the database management module 1136, at step 1238, credits tiie user's account for 
tl dsprint in the finance database 1 132. At step 1240, the database management module 
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1 136 then date/time stamps the misprint postage transaction in the postage database 1 130. Jn 
this mamier, the filtering module 1 145 will filter out this refimded postage transaction in the 
future, so that it is not refunded multiple times. At step 1242, the account administrator issues 
a refimd request to the postage refund center 392 of the postal authority (e.g., USPS). 

5 At steps 1244 and 1246, the postal authority then enters the refunded postage 

transaction into the master tracking computer system 390, where the delivery status can be 
checked for six more months. In particular, the database management module 1 178 will 
associate a refund indicator with the postage information relating to the refunded postage 
transaction (step 1244), and the refunded postage polling module 1 180 periodically polls the 
1 0 tracking information database 1 1 72 to determine if a mail piece associated with any refunded 
postage transaction has been delivered (step 1246). 

It should be noted that the refimd process even allows an end user to initiate a refund 
inquiry without intervention by the accoimt administrator. In this case, the end user will 
would have to wait the required minimum time to ensure the "never mailed package" doesn't 
1 5 show up on the tracking system, but then the process is so automatic that the refund could be 
instituted entirely without an account administrator's intervention. 

Although particular embodiments of the present inventions have been shown and 
described, it will be understood that it is not intended to limit the present inventions to the 
preferred embodiments, and it will be obvious to those skilled in the art that various changes 
20 and modifications may be made without departing from the spirit and scope of the present 
inventions. Thus, the present inventions are intended to cover alternatives, modifications, 
and equivalents, which may be included within the spirit and scope of the present inventions 
as defined by the claims. All pubUcations, patents, and patent applications cited herein are 
hereby incorporated by reference in their entirety for all purposes. 

25 
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CLAIMS 

What is claimed is: 

1 . A method of providing a unique postage indicium for use in a postal system, 
comprising: 

5 generating a unique postage indicium having a character string that is unique within 

the postal system; 

deriving a digital signature from the unique character string; and 
associating the digital signature with tiie unique postage indicium to generate a self- 
vaUdating unique postage indicium. 
10 2. The method of claim 1, wherein the unique character string comprises a 

tracking ID. 

3. The method of claim 1. wherein the digital signature association comprises 
attaching the digital signature to the unique postage indicium. 

4. The mefliod of claim 1. further comprising applying the self-validating unique 
15 postage indicium to a mail piece. 

5. The method of claim 1, fiulher comprismg applying the self-vahdating unique 
postage indicium to a mail piece m a barcode format. 

6. The method of claim 4, wherein the mail piece is a package. 

7. The method of claim 4, wherein the mail piece is an envelope. 

20 8. The method of claim 4, wherem the unique character string is also appUed to 

the mail piece independently of the self-validating unique postage indicium. 

9. The method of claim 1 , wherein the digital signature is generated by ^plying 
a private key to the unique postage indicitmi. 

10. The method of claim 1, wherein the unique character string originates from a 
25 single database within the postal system. 

11. The method of claim 1, wherein the postal system is the United States Postal 
Service. 

12. The meftiod of claim 1, wherein the unique postage iudicium further has one 
or more items selected from the groiq> consisting of an mdicia version number, algorithm 

66 



BNSCXXID: <WO ^03044620A2J_> 



wo 03/044620 PCT/US02/33024 

identification, certificate serial number, device identification, ascending register, postage, 
date of mailing, originating zip code, software identification, descending register, and rate 
category. 

13. A method of detecting postal fraud in a postal system, comprising: 

5 receiAong a plurality of mail pieces within the postal system, each carrying a self- 

validating postage indicium containing a postage indicium having a character string, and 
containing a digital signature derived from the character string; 

reading each self-vaUdating postage indicium to obtain the postage indicium and 
digital signature; 

10 validating each postage indicium by determining if the digital signature is consistent 

with the character string; and 

comparing all of the character strings obtained from the postage indicia. 

14. The method of claim 13, wherein each character string comprises a tracking 

ID. 

15 15. The method of claim 13, wherein each self-vahdating postage indicium is 

embodied in a barcode format, and the self-validating postage indicium is read with a barcode 
reader. 

16. The method of claim 13, wherein each digital signature is generated with a 
private key, and the postage indicium authentication comprises applying a corresponding 

20 public key to each digital signature. 

17. The method of claim 13, further comprises storing the character strings 
obtained from the postage indicia in a single database. 

1 8. The method of claim 13, wherein the postal system is the United States Postal 
Service. 

25 1 9. The method of claim 13, wherein postal fraud is determined if two of the 

character strings match. 

20. The method of claim 13, wherein the postage indicium has postage 
information in addition to the character string, and the digital signature is derived from the 
character string and postage information. 
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21 . A method of detecting postal fraud in a postal system, comprising: 

receiving a mail piece within the postal system, the mail piece carrying a self- 
validating postage indicimn containing a postage indicium having a character string, and a 
digital signature derived from the character string, the mail piece further carrying an expected 
5 representation of the character string independent of the self-validating postage indicium; 

reading the self-validating postage indicium to obtain the postage indicium and digital 
signature; 

validating the postage indicimn by determining if the digital signature is consistent 
with character string; and 
1 0 comparing the character string obtained from the postage indicium to the expected 

representation of the character string. 

22. The method of claim 21, whorein the character string comprises a tracking ID. 

23. The method of claim 21 , wherein the self-validating postage indicium is 
embodied in a barcode format, and the self-validating postage indicium is read with a barcode 

15 reader. 

24. The method of claim 2 1 , wherein the digital signature is generated with a 
private key, and the postage indicium authentication comprises applying a corresponding 
public key to the digital signature. 

25. The method of claim 21, wherein the postal system is the United States Postal 
20 Service. 

26. The method of claim 21, wherein postal fraud is determined if the character 
string obtained from the postage indicia does not match the expected character string 
representation. 

27 . The method of claim 2 1 , wherein the character string obtarned from the mail 
25 piece is compared with character strings obtained from other mail pieces. 

28. The method of claim 27, wherein postal fraud is determined if two of the 
character strings match. 

29. The method of claim 21 , wherein the postage indicium has postage 
information in addition to the character string, and the digital signature is derived from the 

30 character string aud postage information. 
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30. A method of providing postage indicia for use in a postal system, comprising: 

generating a plurality of unique postage indicia having a plurality of character strings 
unique within the postal system; 

deriving a plurality of digital signatures firom the plurality of unique character strings; 

5 and 

generating a plurality of self-validating unique postage indicia by associating the 
pluraHty of digital signatures with the plurahty of unique postage indicia. 

3 1 . The method of claim 30, wherein all of the steps are performed in a 
centralized postage-issuing computer system. 

1 0 32. The method of claim 31, further comprising: 

receiving a plurality of postage indicium requests at the centrahzed postage-issuing 
computer system from a plurality of end user computers; and 

transmitting the plurality of self-validating unique postage indicia from the centralized 
postage-issuing computer system to the plurality of end user computers. 

15 33. The method of claim 32, wherein each of the plurahty of postage indiciimi 

requests is embodied in a single data stream. 

34. The method of claim 32, further comprising receiving the plurality of unique 
character strings at the centralized postage-issuing computer system from a master trackmg 
computer system. 

20 35. The method of claim 32, fiirther comprising receiving the pluraHty of unique 

character strings at the centralized postage-issuing computer system from the plurahty of end 
user computers. 

36. The method of claim 30, wherein all of the steps are performed ui a plurahty 
of end user computers. 

25 37. The method of claim 30, wherein the plurahty of unique character strings 

comprises a plurality of imique tracking ID's. 

38. The method of claim 30, wherein the digital signature association comprises 
attaching the plurality of digital signatures to the plurality of unique postage indicia. 
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39. The method of claim 30, further comprising applying the plurahty of self- 
validating unique postage indicia to a plvirahty of mail pieces. 

40. The method of claim 30, further comprismg applying the plurality of self- 
validating unique postage indicia to a plurality of mail pieces in a barcode format. 

5 41. Themethodof claim 40, wherein the pluraUty of mail pieces is a plurality of 

packages. 

42. The method of claim 40, wherem the plurahty of mail pieces is a plurality of 
envelopes. 

43 . The method of claim 30, wherein the plurahty of digital signatures is 

10 generated by applying one or more private keys to the plurahty of unique character strings. 

44. The method of claim 30, wherein the postal system is the United States Postal 
Service. 

45 . The method of claim 30, wherein each of plurality of unique postage mdicia 
further has one or more items selected from the group consisting of an indicia version 

1 5 number, algorithm identification, certificate serial number, device identification, ascendmg 
register, postage, date of maihng, originatmg zip code, software identification, descending 
register, and rate category. 

46. A method of providing a postage indicium for use in a postal system, 
comprising: 

20 receiving a unique identifier request from an end user computer; 

transmitting a unique identifier to the end user computer in response to the unique 
identifier request, wherein the unique identifier is unique within the postal system; 

receiving a postage indicium request from an end user computer; 

generating a unique postage indicium cairymg the unique identifier; 
25 deriving a digital signature from the unique identifier; 

generating a self-vahdating unique postage indicium by associating the digital 
signature with the unique postage indicium; and 

transmitting the self-vahdating unique postage indicium independently firom the 
unique identifier transmitted m response to the unique identifier request. 

70 



BNSDOCID: <WO ^03044e20A2J_> 



wo 03/044620 PCTAJS02/33024 

47. The method of claim 46, wherein all of the steps are perfonned in a 
centralized postage-issuing computer system. 

48. The method of claim 47, further comprising receiving the unique identifier at 
the centralized postage-issuing computer system fi:om a master tracking computer system. 

5 49. The method of claim 48, fiirttier comprising transmitting another unique 

identifier request from the centraUzed postage-issuing computer system to the master tracking 
computer system in response to receipt of the unique identifier request from the end user 
computer. 

50. The method of claim 48, further comprismg storing the received unique 
10 identifier within the centralized postage-issuing computer system prior to receiving the 

unique identifier request. 

5 1 . The method of claim 46, wherein the unique identifier request is received at a 
master tracking computer system, the unique identifier is transmitted from the master 
tracking computer system, and the remainiag steps are performed in a cenfralized postage- 

1 5 issuing computer system, the method further comprising receiving the unique identifier at the 
centredized postage-issuing computer system from die end user computer. 

52. The method of claim 46, wherein the unique identifier is a smgle unique 
character string. 

53. The method of claim 52, wherein the unique identifier comprises a unique 
20 tracking ID. 

54. The method of claim 46, wherein the unique identifier comprises two or more 
character strings. 

55. The method of claim 54, wherein the unique identifier comprises a postage 
vendor ID, user account number, and piece count. 

25 56. The method of claim 46, wherein the digital signature association comprises 

attaching the digital signature to the unique postage indicium. 
57. The method of claim 46, fijrther comprising: 
receiving the unique identifier at the end user computer; 

receiving the self-vaUdating unique postage indicium at the end user computer, and 
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flying the receiving unique identifier and self-validating unique postage indicium 
to a mail piece. 

58. The method of claim 57, wherein the received unique identifier is applied to 
the mail piece in a one-dimensional barcode format, and the self-validating unique postage 

5 indicium is ^pUed to the mail piece in a two-dimensional barcode format. 

59. The method of claim 57, wherein the mail piece is a package. 

60. The method of claim 57, wherein the mail piece is an envelope. 

61 . The method of claim 46, wherein the digital signature is generated by applying 
a private key to the imique identifier. 

10 62. The method of claim 46, wherein the postal system is the United States Postal 

Service. 

63. The method of claim 46, wherein the unique postage indicium fijrther has one 
or more items selected from the group consisting of an indicia version number, algorithm 
identification, certificate serial number, device identification, ascending register, postage, 

15 date of mailing, originating zip code, software identification, descending register, and rate 
category. 

64. A postage indicia generation system for implementation with a postal system, 
comprising: 

an end user computer; 
20 a centralized postage-issuing computer system; 

a communications link connecting the end user computer with the centralized 
postage-issuing computer system; 

wherein the end user computer is configured for transmitting a postage indicium 
request to the centralized postage-issuing computer system over the communications link, 
25 and the centraHzed postage-issuing computer system is configured for generating and 
transmitting a self-vaHdating unique postage indicium to the end user computer over the 
communications link, the self-validating unique postage mdicium containing a character 
string unique to the postal system and a digital signature derived from the unique character 
string. 
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65. The system of claim 64, further comprising: 
a master tracking computer system; and 

another communications link connecting the centralized postage-issuing computer 
system with the master tracking computer system; 
5 wherein the master tracking computer system is configured for transmitting the 

unique character string to the centralized postage-issuing computer system over the other 
communications link. 

66. The system of claim 65, wherein the centralized postage-issuing computer 
system is further configured for transmitting a unique identifier request to the master tracking 

10 computer system over the communications link in response to the postage indicium request. 

67. The system of claim 66, wherein the centralized postage-issuing computer 
system is furflier configured for storing the received character string within the centralized 
postage-issuing computer system prior to the postage indicium request. 

68. The system of claim 64, further comprising: 
15 a master tracking computer system; and 

another communications link connecting the end user computer with the master 
tracking computer system; 

wherein the end user computer is configured for transmitting a unique identifier 
request to the master tracking computer system over the other communications link, for 
20 receiving the imique character string from the master tracking computer system over the other 
communications link, and for transmitting the unique character string to the centralized 
postage-issuing computer system over the communications link. 

69. The system of claim 64, further comprising: 
a plurality of end user computers; 

25 a plurality of communications links connecting the plurality of user computers with 

the centralized postage-issuing computer system; 

wherein the plurality end user computers is configured for transmitting a plurality of 
postage indicium requests to the centralized postage-issuing computer system over the 
plurality of communications links, and the centralized postage-issuing computer system is 

30 configured for generating and transmitting a plurality of self-validating unique postage 
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indicia to the pluraUty of end user computers over the plurality of commumcations links, the 
pluraHty of self-validating unique postage indicia containing a plurality of character strings 
unique to the postal system and a pluraUty of digital signatures derived from at least portions 
of a pluraUty of unique postage indicia containing the plurality of unique character strings. 

5 70. The system of claim 69, further comprising: 

a master tracking computer system; and 

another communications link connecting the centralized postage-issuing computer 
system with the master tracking computer system; 

wherein the master tracking computer system is configured for transmitting the 
10 pluraUty of unique character strings to the centraUzed postage-issuing computer system over 
the other communications link. 

7 1 . The system of claim 69, further comprising: 
a master tracking computer system; and 

another pluraUty of commumcations Unks connecting the plurality of end user 
1 5 computers with the master tracking computer system; 

wherein the plurality of end user computers is configured for transmitting a plurality 
of unique identifier requests to the master tracking computer system over the other pluraUty 
of communications links, for receiving the pluraUty of unique character strings firom the 
master tracking computer system over the other plurality of communications Unks, and for 
20 transmitting the pluraUty of unique character strings to the centraUzed postage-issuing 
computer system over the pluraUty of communications links. 

72. The system of claim 64, wherein the unique character stiing comprises a 
unique tracking ID. 

73. The system of claim 64, wherein the end user computer is configured for 
25 applying the self-vaUdating unique postage indicium to a mail piece. 

74. The system of claim 64, whetdn flie centralized postage-issuing computer 
system is configured for applying a private key to the unique character string to generate the 
digital signature. 

75 . The system of claim 64, wherein the postal system is the United States Postal 
30 Service. 
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76. The system of claim 64, wherein the imique postage indicium further has one 
or more items selected from the group consisting of an indicia version number, algorithm 
identification, certificate serial number, device identification, ascending register, postage, 
date of mailing, originating zip code, software identification, descending register, and rate 

5 category. 

77. A centralized postage-issuing computer system for issuing postage indicia 
within a postal system, comprising: 

data processing circuitry; 
a database storing a plurality of user accounts; 
10 a communications module, when executed by the data processing circuitry, 

configured for receiving a postage indicium request from an end user computer; and 
a postage indicium generation module, when executed by the data processing 
circuitry, configured for generating a self-validating unique postage indicium in response to 
the postage indicium request, the self-vaUdating unique postage indicium containing a 
1 5 character string unique to the postal system and a digital signature derived firom the unique 
character string. 

78. The centralized postage-issuing computer system of claim 77, wherein the 
communications module is further configured for transmitting the self-vaUdating unique 
postage indicium to the end user computer. 
20 79. The centralized postage-issuing computer system of claim 77, wherein the 

postage indicium generation module comprises: 

a unique postage indiciimi generation submodule for generating the unique postage 
indicium; 

a digital signature generation submodule for generating the digital signature; and 
25 an association submodule for associatmg the digital signature with the unique postage 

indicia to generate the self-validating unique postage indicium. 

80. The centralized postage-issuing computer system of claim 77, wherein the 
communications module is further configured for receiving the unique character string firom a 
master tracking computer system. 
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81 . The centralized postage-issuing computer system of claim 80, wherein the 
communications module is further configured for transmitting a unique identifier request to 
the master tracking computer system in response to receiving the unique identifier request 
from the end user computer. 

82. The centralized postage-issuing computer system of claim 80, further 
comprising a database management module for storing the received character stinng in the 
database prior to receiving the unique identifier request from the end user computer. 

83. The centralized postage-issuing computer system of claim 77, wherein the 
communications module is fiirther configured for receiving tiie unique character stiing from 
the end user computer. 

84. The centraUzed postage-issuing computer system of claim 77, 

wherein the communications module is configured for receiving a plurahty of postage 
indicium requests fix>m a plurality of end user computers; and 

wherein the unique postage indicia module is configured for generating a pluraUty of 
self-validating unique postage indicia in response to the pluraUty of postage indicium 
requests, the plurality of self-validating unique postage indicia containmg a plurality of 
character strings unique to the postal system and a pluraUty of digital signatures of the 
pluraUty of imique character strings. 

85. The centiraUzed postage-issuing computer system of claim 84, wherein the 
communications module is fijrther configured for receivmg tiie plurality of unique character 
strings from a master fracking computer system. 

86. The centralized postage-issuing computer system of claim 84, wherein the 
communications module is fijrther configured for receiving the pluraUty of unique character 
strings from the pluraUty of end user computers. 

87. The centralized postage-issuing computer system of claim 77, wherein the 
unique character string comprises a unique tracking ID. 

88. The centraUzed postage-issuing computer system of claim 77, wherein the 
centralized postage-issuing computer system comprises a private key, and the postage 
indicium generation module is further configured for applying the private key to the unique 

) character string to generate the digital signature. 
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89. The centralized postage-issuing computer system of claim 77, wherein the 
postal system is the United States Postal Service. 

90. The centralized postage-issuing computer system of claim 77, wherein the 
unique postage indicium further has one or more items selected from the group consisting of 

5 an indicia version number, algorithm identification, certificate serial number, device 

identification, ascending register, postage, date of mailing, originating zip code, software 
identification, descending register, and rate category. 

9 h A method of indexing a postage indicium within a database of a centraUzed 
postage-issuing computer system, the method comprising: 
10 generating a postage indicium associated with a mail piece; 

associating an indexing tracking ID with the postage indicixun; and 
storing the indexed postage indicium within the database. 

92. The method of claim 91 , wherein the indexing tracking ID is unique within a 
postal service. 

15 93. The method of claim 92, wherein the postal service is the United States Postal 

Service. 

94. The method of claim 91 , wherein the postage indicium comprises one or more 
items selected from the group consistmg of postage amount, date and time of postage 
information creation, service class, optional data advance, and delivery zip code. 

20 95. The method of claim 91, further comprising: 

deriving a digital signature from the postage indiciirai; 

associating the digital signature with the postage indicium to generate an indexed self- 
validating postage indiciimi; and 

storing the indexed self-validating postage indicium within the centralized postage- 
25 issuing computer system. 

96. The method of claim 95, wherein the digital signature association comprises 
attaching the digital signature to the postage indicium. 

97. The method of claim 95, wherein the digital signature is generated by applying 
a private key to the postage indicium. 
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98. The method of claim 95. wherein the indexed self-validating postage indicium 
is generated within a physically secure coprocessor device. 

99. The method of claim 91 , further comprising: 

receiving an indexmg identifier request from an end user computer; and 
5 transmitting Ihe indexing trackmg ID to the end user computer. 

100. The method of claim 91, further comprising: 

receiving a postage indicium request containing the indexing tracking ID from a 
postal authority; 

retrieving the indexed postage indicium from the database based on the received 
10 indexing tracking ID; and 

transmitting the indexed postage indicium to the postal authority. 

101. The method of claim 91, further comprising: 

generatmg a plurahty of postage indicia associated with a plurality of mail pieces; 
associatmg a pluraUty of indexing tracking IDs with the pluraUty of postage indicia; 

15 and 

storing the pluraUty of mdexed postage indicia within the database. 

102. The method of claim 101, further comprising: 

receiving a plurality of indexmg identifier requests from a pluraUty of end user 
computers; and 

20 transmitting the pluraUty of indexing tracking IDs to the pluraUty of end user 

computers. 

103. The method of claim 101, further comprising: 

receivmg a pluraUty of postage mdicium requests containing the pluraUty of indexing 
tracking IDs from a postal authority; 
25 retrieving the pluraUty of indexed postage mdicia from the database based on the 

plurality of received indexing tracking IDs; and 

transmitting the pluraUty of indexed postage indicia to the postal authority. 
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1 04. A method of validating postage for a postal service, the method comprising: 
generating a postage indicium associated Avith a mail piece; 

associating an indexing tracking ID with the postage indicium; 
storing the indexed postage indicium within a database; 
5 applying the indexing tracking ID to the mail piece; 

reading the indexing tracking ID on the mail piece; and 

retrieving the indexed postage indicium from the database based on the read indexing 
tracking ID. 

105. The method of claim 104, wherein the indexing tracking ID is unique within 
10 the postal service. 

106. The method of claim 105, wherein the postal service is the United States 
Postal Service. 

107. The method of claim 104, wherein the postage indicium comprises one or 
more items selected from the group consisting of postage amount, date and time of postage 

1 5 information creation, service class, optional data advance, and delivery zip code. 

108. The method of claim 104, fiirther comprising: 
deriving a digital signature from fee postage indicium; 

associating the digital signature with the postage indicium to generate an indexed self- 
validating postage indiciiun; and 
20 storing the indexed self-validating postage indicium within the centralized postage- 

issuing computer systatn. 

1 09. The method of claim 1 08, wherein tiie digital signature association comprises 
attaching the digital signature to the postage indicium. 

1 10. The method of claim 108, wherem the digital signature is generated by 
25 applying a private key to the postage indicium. 

111. The method of claim 108, wherein the indexed self-validating postage 
indicium is generated within a physically secure coprocessor device. 

1 12. The method of claim 104, wherein the indexing tracking ID is applied to the 
mail piece in a barcode format, and the indexing tirackmg ID is read using a barcode reader. 
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1 13. The method of claim 1 12, wherein the barcode format is two-dimensional 
barcode format. 

1 14. The method of claim 1 12,wherein the barcode format is a one-dimensional 
barcode format. 

5 1 1 5. The method of claim 104, wherein the indexing tracking ID is applied to the 

mail piece in a human-readable format, and the mdexing tracking ID is read using an optical 
character reader. 

1 16. The method of claim 104, fiirther comprising 

generatmg a pluraUty of postage indicia associated with a plurality of mail pieces; 
10 associating a pluraHty of indexing tracking IDs with the pluraUty of postage indicia; 

storing the plurality of indexed postage indicia within the database; 

applying the plurality of indexing tracking IDs to the pluraUty of mail pieces; 

reading the pluraUty of indexing tracking IDs on the pluraUty of mail pieces; and 

retrieving the plurality of indexed postage indicia from the database based on the 
15 pluraUty of read indexing tracking IDs. 

1 17. A centralized postage-issuing computer system for indexing a postage 
indicium, comprising: 

data processing circuitry; 
a database; 

20 a postage indicium generation module, when executed by the data processing 

circuifary, configured for generating a postage indicium; 

an indexing module, when executed by the data processing circuitry, configured for 
associating an indexing tracking ID with the postage indicium; and 

a database management module, when executed by the data processing circuitry, 
25 configured for storing the indexed postage indicium within the database, and for retrieving 
the indexed postage indicium from the database based on the indexing tracking ID. 

118. The centralized postage-issuing computer system of claim 1 17, wherein the 
indexing tracking ID is unique Avithin a postal service. 
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119. The centralized postage-issuing computer system of claim 118, wherein the 
postal system is the United States Postal Service. 

120. The centralized postage-issuing computer system of claim 117, wherein the 
postage indicium comprises one or more items selected from the group consistmg of postage 

5 amount, date and time of postage information creation, service class, optional data advance, 
and delivery zip code. 

121. The centralized postage-issuing computer system claim 117, wherein the 
postage indicium generation module is configured for generating a self-validating postage 
indicium in response to tlie indexing identifier request, the indexing module is configured for 

10 associating the indexing tracking ID with the self-vaUdating postage indicium, and the 

database management module is configured for storing the indexed self-validatmg postage 
indicium within the database. 

1 22. The centralized postage-issuing computer system of claim 121, wherein the 
postage indicium generation module comprises: 

1 5 a postage indicium generation submodule for generating the postage indicium; 

a digital signature generation submodule for generating the digital signature; and 
an association submodule for associating the digital signature with the postage 
indicium to generate the self-validating indexed postage indicium. 

123 . The centralized postage-issuing computer system of claim 117, wherein the 
20 database is associated vnth a physically secure coprocessor device. 

124. The centralized postage-issuing computer system of claim 1 17, further 
comprising a communications module, when executed by the data processing circuitry, 
configured for receiving an indexing identifier request from an end user computer, and for 
transmitting the indexing tracking ID to the end user computer. 

25 125. The centralized postage-issuing computer system of claim 117, further 

comprising a communications module, when executed by the data processing circuitry, 
configured for receiving a postage indicium request containing the indexing traddng ID from 
a postal authority, and for transmitting the retrieved indexed postage mdicium to the postal 
authority. 

30 126. The centralized postage-issuing computer system of claim 117, wherein 
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the postage indicium generation module is configured for generating a pluraUty of 
postage indicia; 

the indexing module is configured for associating a pluraUty of indexing tracking IDs 
with the plvurality of postage indicia; and 
5 the database management module is configured for storing the pluraUty of indexed 

postage indicia within the database, and for retrieving the pluraUty of indexed postage indicia 
firom the database based on the pluraUty of indexing trackmg IDs. 

127. The centralized postage-issuing computer system of claim 126, fiirther 
comprising a communications module, when executed by the data processing circuitry, 

10 configured for receivmg a plurality of indexing identifier requests firom a pluraUty of end user 
computers, and for transmitting the plurality of indexing tracking IDs to the plurality of end 
user computers. 

128. The centralized postage-issuing computer system of claim 126, fiirther 
comprising a communications module, when executed by the data processing circuitry, 

15 configured for receiving a pluraUty of postage indicium requests containing the plurality of 
indexing tracking IDs from apostal authority, and for transmitting the plurality of retrieved 
indexed postage indicia to the postal authority. 

129. A method of vaUdating postage in a postal system, comprising: 
receivmg a postage mdicium request from a postal authority, wherem the postage 

20 indicium request carries an indexing tracking ID and is associated with a mail piece inspected 
by the postage authority; 

retrieving an indexed postage indicium from a database based on the received 
indexing tracking ID; and 

transmittmg the postage indicium to the postal authority. 
25 130. The method of claim 129, wherein the indexing fracking ID is unique within a 

postal service. 

131. The method of claim 130, wherein the postal service is the United States 
Postal Service. 
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132. The method of claim 129, wherem the indexed postage indicium comprises 
one or more items selected from the group consisting of postage amount, date and time of 
postage information creation, service class, optional data advance, aad delivery zip code. 

133. The method of claim 129, wherein the indexed postage indicium is a self- 
5 validatmg postage indicium. 

134. The method of claim 129, wherein the database is associated witii a physically 
secure coprocessor device. 

135. The method of claim 129, further comprising: 

receiving a pluraUty of postage indicium requests from a postal authority, whereia the 
10 plurality of postage indicium requests carries a pluraUty of indexing tracking IDs and is 
associated with a plurality of mail pieces inspected by the postage authority; 

retrieving a plurality of indexed postage indicia from the database based on the 
plurality of received indexing tracking IDs; and 

transmitting the pluraUty of postage indicia to tiie postal authority. 
15 1 36. A method of indexing sender identification information within a database of a 

centraUzed postage-issuing computer system, the method comprising: 

generating sender identification information associated with a mail piece; 
associating an indexing tracking ID with the sender identification information; and 
storing the indexed sender identification information within the database. 
20 137. The method of clahn 136, wherein the indexing tracking ID is unique within a 

postal service. 

138. The method of claim 137, wherein the postal service is the United States 
Postal Service. 

139. The method of claim 136, whereia the send^ identification information 

25 comprises one or more items selected from the group consisting of the sender name, sender 
employer, sender address, and sender zip code. 

140. The method of claim 136, fiirther comprising: 

receiving a sender identification request containing the indexing tracldng ID from a 
mail recipient computer; 
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retrieving the sender identification information from the datahase based on the 
received indexing tracking ID; and 

transmitting the sender identification information to the mail recipient computer. 
14 1 . The method of claim 136, further comprising: 
5 generating a sender identification information associated with a pluraHty of mail 

pieces; 

associating a plurality of indexing tracking IDs with the sender identification 
information; and 

storing the sender information within the database. 
10 1 42. The method of claim 141 , fiirther comprising: 

receiving a plurality of sender identification requests containing the pluraUty of 
indexing tracking IDs from a pluraHty of mail recipient computers; 

retrieving the sender identification infonnation &om the database based on the 
plurality of received indexing tracking IDs; and 
15 transmitting the sender identification information to the mail recipient computers. 

143. A centraUzed postage-issuing computer system for indexing sender 
identification information, comprising: 
data processing circuitry; 
a database; 

20 an indexing module, when executed by the data processing circuitry, configured for 

associating an indexing to-acking ID with the sender identification information; and 

a database management module, when executed by the data processing circuitry, 
configured for storing the indexed sender identification information within the database, and 
for retrieving tiie indexed sender identification infonnation from tiie database based on the 

25 indexing tracking ID. 

144. The centralized postage-issuing computer system of claim 143, wherein the 
indexing tracking ID is unique within a postal service. 

145. The centralized postage-issuing computer system of claim 144, wherein the 
postal system is the United States Postal Service. 
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146. The centralized postage-issuing computer system of claim 143, wherein the 
sender identification information comprises one or more items selected from the group 
consisting of the sender name, sender employer, sender address, and sender zip code. 

147. The centralized postage-issuing computer system of claim 143, further 
5 comprising a communications module, when executed by the data processing circuitry, 

configured for receiving a sender identification request contaiiung the indexing tracking ID 
from a mail recipient computer, and for transmitting the retrieved indexed sender 
identification information to the mail recipient computer. 

148. The centralized postage-issuing computer system of claim 143, wherein 

10 the indexing module is configured for associating a pluraUty of mdexing tracking IDs 

with sender identification information; and 

the database management module is configured for storing the indexed sender 
identification information within the database, and for retrieving the indexed sender 
identification information from the database based on tiie pluraUty of indexing tracking IDs. 

15 149. The centralized postage-issuing computer system of claim 148, ftirther 

comprising a communications module, when executed by tiie data processing circuitry, 
configured for receiving a plurality of sender identifications requests containing the plurality 
of indexing tracking IDs from a plurality of mail recipient computers, and for transmittmg the 
retrieved indexed sender identification information to the plurality of mail recipient 

20 computers, 

1 50. A method of verifying a sender of a mail piece, comprising: 

receiving a sender identification request from mail recipient computer, wherein the 
sender identification request carries an indexing tracking ID associated with a mail piece 
received from a postal authority; 
25 retrieving indexed sender identification information from a database based on the 

received indexing tracking ID; and 

transmittmg the sender identification mformation to the mail recipient computer. 

151. The method of claim 1 60, wherein the indexing tracking ID is unique within a 
postal service. 
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152. The method Of Claim 151, wherein the postal service is the United States 
Postal Sarvice. 

153. The method of claim 150, wherein the sender identification information 
comprises one or more items selected from the group consisting of the sender name, sender 

5 employer, sender address, and sender zip code. 

154. The method of claim 150, further comprising: 

receiving a plurality of sender identification requests from a pluraUty of mail recipient 
computers, wherein the plurality of sender identification requests carries a plurality of 
indexing tracking IDs and is associated with a pluraUty of mail pieces received from a 
1 0 pc icage authority; 

retrieving indexed sender identification information from the database based on the 
plurality of received indexing tracking IDs; and 

transmitting the sender identification information to the plurality of mail recipient 
computers. 

15 155. A method ofrefimding postage, comprising: 

storing information for a postage transaction in a database, the postage tiansaction 
information comprising a tracking ID and an associated deUvery statiis; 
receiving a postage refimd inquiry; and 

retrieving tiie postage transaction information from tiie database in response to tiie 
20 postage reftind inquiry. 

156. The method of claim 155, further comprising refimding tiie postage based on 

the retrieved postage transaction information. 

157. The metiiod of claim 155, fiirther comprising displaying tiie postage 
transaction information. 

25 158. The method of claim 155, fiutiier comprising: 

receiving confirmatory delivery statiis information associated witii the tiacking ID; 

and 

updating tiie delivery statiis in tiie database witii tiie confirmatory deUvery statiis 
information. 
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159. The method of claim 155, wherein the postage transaction information further 
comprises a postage transaction date. 

160. The method of claim 155, wherein the postage transaction information further 
comprises a postage transaction date, postage transaction time, destination zip code, service 

5 class, postage amount, and mail piece weight. 

161. The method of claim 155, wherein the confirmatory delivery status 
information is received firom a postal authority. 

162. The method of claim 155, wherein the postage refund inquiry is received firom 
an account administrator. 

10 163. The method of claim 155, wherein the postage refimd inquiry is received &om 

an end user. 

164. The method of claim 155, wherein the postage is refunded based on the 
delivery status contained within the retrieved postage transaction information. 

165. The method of claim 164, wherein the postage is refimded only if the retrieved 
15 deUvery status indicates that a mail piece associated with the tracking ID has not been 

delivered. 

166. The method of claim 164, wherein the postage is not refimded if the retrieved 
delivery status indicates that a mail piece associated with the tracking ID has been deHvered. 

167. The method of claim 155, further comprising: 
20 iqpplying the tracking ID to a mail piece; 

processing the mail piece through a postal authority; 
reading the tracking ID on the mail piece; and 

updating the confitrmatory deUvery status information to indicate that the mail piece 
has been delivered. 

25 168. The method of claim 167, wherein the postage is not refunded. 

1 69. A method of refunding postage, comprising: 
storing infonnation for a plurality of postage transactions in a database, the 

information for each postage tiransaction comprising a tracking ID, postage transaction date, 

and delivery status associated with the tracking ID; 
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associating the stored postage transaction information with a user account; 
receiving a postage refund inquiry for the user account; 

retrieving the postage transaction information from the database in response to the 
postage refund inquiry; and 
5 refunding the postage for a first postage transaction only if the deUvery status for the 

first postage transaction indicates that a mail piece associated with the tracking ID for the 
first postage transaction has not been deHvered, and the postage transaction dates for the first 
and second postage transactions are the same. 

170. The method of claim 169, 

10 wherein the information for each postage transaction comprises a destination zip code, 

service class, and postage amount; and 

wherein the postage is refunded only if the destination zip codes, service classes, and 
postage amounts for the first and second postage transactions are the same. 

171. The method of claim 169, further comprising: 

15 receiving confirmatory deUvery status information associated with the plurality of 

tracking ID's; and 

updating flie pluraUty of deUvery statuses in the database with the confirmatory 
delivery status information. 

172. The method of claim 171, wherein the confirmatory deUvery status 
20 information is received from a postal authority. 

173. The method of claim 169, wherein the postage refimd inquiry is received from 
an accoimt administrator. 

174. The method of claim 169, wherein the postage refimd inquiry is received from 
an end user. 

25 175. The method of claim 169, further comprising: 

applying the pluraUty of tracking ID's to a pluraUty of mail pieces; 
processing the pluraUty of mail pieces through a postal authoritjr, 
reading the tracking ID on a mail piece; and 
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updating the confirmatory delivery status information to indicate that the plurality of 
mail pieces have heen delivered. 

176. The method of claim 175, wherein the postage is not refunded. 

1 77. A method of providing status for a plurality of mail pieces tracked by a postal 
authority, comprising: 

storing iiaformation for a plurality of postage transactions in a database, the 
information for each postage transaction comprising a tracking ID and an associated delivery 
status; 

receiving confirmatory delivery status information fi-om the postal authority; and 

updating the plurality of delivery statuses in the database with the confirmatory 
delivery status information. 

178. The method of claim 177, further comprising associating the stored postage 
transaction information with a plurality of user accounts. 

179. The method of claim 177, wherein the infomiation for each postage 
transaction further comprises a postage transaction date. 

1 80. The method of claim 1 77, wherein the information for each postage 
transaction further comprises a postage transaction date, postage transaction time, destination 
zip code, service class, postage amoimt, and mail piece weight. 

181. The method of claim 1 77, further comprising: 

applying the plurality of tracking BD's to a plurality of mail pieces; 

processing the plurality of mail pieces through a postal authority; 

reading the plurality of tracking ID*s on the plxirality of mail pieces; and 

updating the confirmatory delivery status information to indicate that the plurality of 
mail pieces have been delivered. 

182. A centralized postage-issuing computer system for providing status for a 
plurality of mail pieces tracked by a postal service, comprising: 

data processing circiutry; 

a database; 
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a communications module, when executed by the data processing circuitry, 
configured for receiving confirmatory delivery status information from a master tracking 
computer system; and 

a database management module, when executed by the data processing curcuitry, 
5 configured for storing information for a plurality of postage tiransactions in a database, the 
information for each postage transaction comprising a tracking ID and an associated deUvery 
status, tiie database management module fiirther configured for updating the deHvery status 
with the confirmatory dehvery status information. 

1 83 . The centralized postage-issuing computer system of claim 1 82, fiirther 

1 0 comprising a delivery stahis request module, when executed by the data processing ckcuitiy, 
configured for generating a request for Hhe confirmatory deUvery statiis information, wherein 
the communications module is finther configured for transmitting the request to the master 
tracking computer system. 

1 84. The centraUzed postage-issuing computer system of claim 1 82, wherein the 
1 5 database management module is fiurther configured for associating the stored postage 

transaction information with a plurality of user accounts. 

1 85. The centralized postage-issuing computer system of claim 1 82, wherein the 
information for each postage transaction fiirther comprises a postage transaction date. 

1 86. The centraUzed postage-issuing computer system of claim 1 82, wherein the 
20 information for each postage transaction further comprises a postage transaction date, 

postage transaction time, destination zip code, service class, postage amount, and mail piece 
weight. 

1 87. A method of determining whether issued postage has been used, comprising: 

storing information for a plurality of postage transactions in a database, the 
25 information for each postage transaction comprising one or more postage transaction items, a 
tracking ID and an associated delivery status; 

associating tiie postage transaction information with a user account; 
receiving an inquiry for duplicative postage transactions; 
retrieving the postage transaction information fi?om the database; 
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selecting the postage transactions in which the one or more postage transaction items 
are identical; aad 

determining if any of the delivery statuses for the selected postage transactions 
indicates lhat a mail piece has been deUvered. 

5 188. The method of claim 187, further comprising displaying the selected postage 

transactions to a postal authority. 

1 89. The method of claim 1 87, further comprising detennining that issued postage 
is unused if the any delivery statuses for the selected postage transactions indicates that a 
mail piece has been delivered. 

10 190, The method of claim 187, further comprising displaying the postage 

transaction information for the selected postage transactions. 

191 . The method of claim 1 87, wherein the one or more postage transaction items 
comprises a postage transaction date, destination zip code, service class, and postage amount. 

192. The method of claim 187, further comprising: 

15 receiving confirmatory delivery status information; and 

updating the deUvery statuses in the database with the confirmatory delivery status 
information. 

1 93 . The method of claim 1 92, wherein the confirmatory delivery status 
information is received from a postal authority. 

20 194. The method of claim 192, wherein the duplicative postage transaction inquiry 

is received firom an account administrator. 

1 95 . The method of claim 1 92, wherein the duplicative postage transaction inquiry 
is received firom an end user. 

196. The method of claim 192, further comprising: 

25 applying the plurality of tracking ED's to a plurality of mail pieces; 

processing the plurality of mail pieces through a postal authority; 

reading the plurality of tracking ID's on the plurality of mail pieces; and 

updating the confiraiatory deUvery status information to indicate that the plurality of 
mail pieces have been delivered. 
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1 97. The method of claim 1 96, further comprising determining that issued postage 
is not unused. 

1 98. A centralized postage-issuing computer system for determining whether issued 
postage has been used, comprising: 

5 data processing circuitry; 

a database; 

a communications module, when executed by the data processing circuitry, 
configured for receiving an inquiry for duplicative postage transactions; and 

a database management module, when executed by the data processing circuitry, 
10 configured for storing information for a plurality of postage transactions in a database, the 
information for each postage transaction comprising one or more postage transaction items, a 
tracking ID and an associated delivery status, the database management module fiirther 
configured for associating the postage transaction information with a user account; and 

a filtering module, when executed by the data processing circuitry, configured for 
15 selecting the postage transactions in which the one or more postage transaction items are 

identical, and determining if any of the delivery statuses for the selected postage transactions 
indicates that a mail piece has been delivered. 

1 99. The centralized postage-issuing computer system of claim 1 98, wherein the 
filtering module is finther configured for determining that issued postage is unused if the any 

20 delivery statuses for the selected postage transactions indicates that a mail piece has been 
deUvered. 

200. ' The centralized postage-issuing computer system of claim 198, wherein the 
one or more postage transaction items comprises a postage transaction date, destination zip 
code, service class, and postage amount. 

25 201 . The centralized postage-issumg computer system of claim 198, whCTein the 

communications module is fiirther configured for receiving confirmatory delivery status 
information, and the database management module is fijrther configured for updating the 
delivery statuses with the confirmatory delivery status information. 
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SYSTEMS AND METHODS FOR DETECTING POSTAGE FRAUD USING A tJNIQUE 
MAIL PIECE INDICIUM, REDUCING THE SIZE OF POSTAGE INDICIA, AND 

REFUNDING POSTAGE 

5 

FIELD OF THE INVENTION 

The present inventions relate generally to electronic postage metering systems, and 
more particularly, personal computer (PC)-based postage systems. 

BACKGROUND OF THE INVENTION 

10 In 1992, the United States Postal Service (USPS), acting largely on a formal 

December 1991 proposal by the inventor, began investigating the feasibility of PC-based 
postage technology. The USPS hosted an exploratory meeting, inviting the inventor and the 
four existing conventional postage meter vendors (Pitney Bowes, Neopost (called Friden at 
the time), Ascom Hasler, and Franco Postalia) — ^firms that represented 100% of the US meter 

1 5 market at that time. Subsequent years saw a number of follow-on meetings, and the USPS 
eventually published a specification in the 1996 Federal Register outlining what the USPS 
called an "Information Based Postage Indicium Program (IBIP)." The requirements for the 
IBIP are currently set forth in a document called ^Information Based Indicium Program 
(IBIP) — ^Performance Criteria For Information-Based Indicia and Security Architecture for 

20 Open IBI Postage Evidencing Systems (PCIBI-O)," which was pubhshed on June 25, 1999 
by the USPS, and which is fully and expressly incorporated herein by reference. 

Two different types of PC-based postage architectures have evolved. The first type of 
architecture is a distributed postage indicia generation system, an example of which is 
detailed in U.S. Patent No. 5,319,562, entitled "System and Method for Purchase and 

25 Application of Postage Using Personal Computer," which is expressly and fiilly incorporated 
herein by reference. In this system, lump sums of postage are purchased and downloaded via 
a telecommunications link to a local secmre computational device at the end user's location. 
In USPS jargon, this device is called the Postal Secure Device (PSD). Typically, these 
postage transfers range firom fifty to several thousand dollars. This amount is added to 

30 whatever balance remains in the PSD. The end user may then draw upon the balance in the 
PSD to produce postage indicia of varying amounts and service classes that are printed on 
mail pieces. As the mail pieces are individually metered (or in the case of the IBIP, created 
and simultaneously "metered"), the balance in the PSD is decremented by the transaction 
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amount (e.g., 34 cents). The second type of architecture is a centralized postage indicia 
generation system, an example of which is detailed in U.S. Patent No. 6,005,945, entitled 
"System and Method for Dispensing Postage Based on Telephonic or Web Milli- 
Transactions," and which is fully and expressly incorporated herein by reference. In this 
5 system, the end user's account balance is securely stored in a centralized postage-issuing 
computer system, and the end user contacts the centralized postage-issuing computer system 
each and every time postage is to be applied to a mail piece. 

Referring to Fig. 1, a typical IBIP mail piece 100 printed using either the distributed 
or the centralized postage indicia architecture is shown. The mail piece 100 comprises an 

10 envelope 102 on which various items are printed. A postage indicium 104 (in layperson's 
terms, a "stamp"), as appUed by a computer printer, is located in the upper right hand comer 
of the envelope 102. The postage indicium 104 comprises a two-dimensional barcode 106 
containing data relating to the mail piece 100 and the account holder, as well as human- 
readable information 108, e.g., the data, account number and amount of postage. The USPS 

1 5 has currently approved Portable Data File (PDF) and DataMatrix 2-D barcodes. Facing 
Identification Marks (FIM) 110 are located at the top of the envelope 102 above and to the 
left of the postage indicium 104, and are used by the USPS for the initial sortation of letter 
mail. The significance of the FIM 1 10 in letter mail processing is described in U.S. Patent 
No. 5,319,562. A return address 1 12 and destination address 1 14, which are self-evident, are 

20 printed on the face of the envelope 102. A POSTNET barcode 1 16, which is located beneath 
the destination address 114, represents the deUvery point ZIP code of the destination address. 
The delivery point ZIP code is an 1 1 -digit code, only 9 of which are shown on the last line of 
the destination address 114. The last two digits of the delivery point ZIP code are generally 
derived fi-om the last two digits of the street address number, which in the illustrated 

25 embodiment, is "47." 

The amount of data in the postage indicium 104 is substantial and was designed with 
a distributed postage indicia generation system in mind. Significantly, in a distributed 
postage indicium generation architecture, the USPS has no detailed knowledge of how the 
postage is consumed. For example, for a hypothetical $100 of postage downloaded, the end 
30 user could create ten postage indicia of a $10 valuation, two hundred indicia of 50-cent 
valuation, or a combination thereof. In reaUty, the number of permutations is far greater. 
The USPS approach to this problem was to create a postage indicium with suflBcient 
information, so that its authenticity could be determined in the absence of any otiier 
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information. In other words, the USPS sought a "stand-alone" system that would be 
verifiable using only the human-readable information on the mail piece 100 and the data 
encoded in the two-dimensional barcode 106 of the postage indiciimi 104. In theory, no 
other "outside" information would be necessary. Table 1 sets forth the current IBIP postage 
5 indicium contents, including the field name and byte size of each content item. 

Table 1: Current IBIP Indicium Contents 



Item Number 


Field Name 


Size (Bytes) 


1 


Indicia Version Number 


1 


2 


Algorithm ID 


1 


3 


Certificate Serial Number 


4 


4 


Device ID 


8 


5 


Ascending Register 


5 


6 


Postage 


3 


7 


Date 


4 


8 


License ZIP 


4 


9 


Destination ZIP 


5 


10 


Software ID 


6 


11 


Descending Register 


4 


12 


Rate Category 


4 


13 


Signature 


40 


14 


Reserved (Vendor Specific Information) 


1 


15 


Piece Count (Vendor Specific Information) 


4 



Thus, the date (item #7) embedded in the barcode portion of the postage indicium 104 
could be compared to the current date, as well as to the human-readable date. The postage 

10 amount (item #6) embedded in the barcode portion 106 of the postage indicium 104 could be 
compared to the human-readable postage amount, and for United States addresses, the 
delivery point ZIP code (item #9) embedded in the barcode portion 106 of the postage 
indicium 104 could be compared with the delivery address 114 printed on the mail piece 100. 
Should any of these "information pairs" show an inconsistency, the mail piece 100 would be 

15 immediately suspect and would be a candidate for further investigation. 

The 'Veracity** of the invention in the barcode portion 106 of the postage indicium 
104 was to be validated by public key cryptography, which was first disclosed by Diffie and 
Helhnan in 1976, and essentially involves the use of a matched pair of public and private key 
components to either encrypt or digitally sign data. The keys are extraordinarily large integer 
20 values that have interesting cryptographic capabilities. Briefly, the public key component can 
be used to encrypt material, or verify a digital signature created by the corresponding private 
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key. The private key component can be used only to create digital signatures that can be 
verified by the public key. Importantly, the public key component can be widely 
disseminated and in fact '^published," because it is virtually impossible to infer the 
corresponding private key component In cryptographic terms, it is "computationally 
5 infeasible" to infer the private key component given the public key component provided the 
modulus or size of the key is of sufficient size. Given the computational speed of computers 
available at the time of this writing, key sizes of 1024 or 2048 bits are considered highly 
secure. 

In the USPS implementation, public key encryption is not used, but rather the private 
10 key component is used to digitally sign data. For example, as illustrated in Table 1, a private 
key component is used to digitally sign the first twelve items contained in the postage 
indicium 104 to generate a digital signature (item #13), which digital signature is then 
appended thereto. In the USPS model, each end user (i.e., meter account) has a unique 
public/private key pair assigned to him or her. The private key component is never divulged 
15 to the end user, but is stored securely in the PSD at the end user's site. The PSD digitally 
signs the data, i.e., the information associated with the postage indicium request. The 
matching public key component can then be used to vaUdate the signature. A more detailed 
discussion of how pubUc key cryptography is used in the IBIP is disclosed in U.S. Patent No. 
6,005,945. 

20 Despite the commercial potential of the IBIP, it languished in uncertainty for several 

more years until two vendors were approved for beta testing in August of 1998. The 
companies, EStamp and Stamps.com, were relative newcomers to the PC-postage effort. 
Both firms finished beta testing approxunately one year later (the fall of 1999). Pitney 
Bowes, the dominant conventional manufacturer, and Neopost were approved several months 

25 later. A host of high- value IPO's, based on vastly overstated market potential, fimded the 

EStamp and Stamps.com efforts during the late 1990's. Significantly, as the year 2001 draws 
to a close, EStamp has withdrawn fi-om the postage business, Stamps.com is encountering 
several financial and legal problems, and the IBIP is in disarray. During their existence, the 
foregoing two firms consumed nearly one bilUon dollars in venture capital and public 

30 investment fimds attempting to make PC-postage a viable business. In simi, two 

extraordinarily well-funded vendors have been driven out of the business, the established 
manufacturers of postage meters have curtailed or delayed their entry into the PC-Postage 
arena, and end users who were hopefiil that this technology would save them time, money, 
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and frustration were deeply disappointed. There are a host of factors that have contributed to 
the failure of the IBIP to date. 

First, the USPS has insisted on developing a "perfect" security model before 
embarking on limited, alpha-level field-testing to identify **real world" problems. Second, 
5 the USPS has emphasized envelope printing, which, due to unyielding USPS mail processing 
requirements, proved to be very difficult to produce on desktop printers. This was especially 
tme for courtesy reply envelopes provided by utiUties and credit card firms, for example, 
because not only was the envelope difficult to feed and position, but there was a conflict in 
certain mail processing markings, especially the Facing Identification Code (FIM). Third, the 

10 focus on the consumer market with the promise of large numbers ended up costing the initial 
vendors large sums of money to acquire these customers, which did not provide sufficient 
financial returns. Fourth, the USPS was slow to appreciate and embrace a host of fraud 
prevention and detection enhancements inherent to centralized postage dispensing systems. ^ , 
Fifth, there is a lack of single piece discoimts for IBIP postage users, even though the 

15 addressing and automation requirements imposed by the IBIP are comparable with other 
discount mailings (such as First Class Presort mail), and even though the discount was 
repeatedly recommended by the Postal Rates Commission. 

Sixth, the pubhc key infrastmcture (PKI) approach adopted by the USPS has fallen 
short on many fronts. The first PKI-related problem surfaced immediately after the USPS 

20 published the initial BBIP specification in 1996. In order to provide a "stand-alone" 

verification system, barcode portion 106 of the postage indiciimi 104 would not only contain 
the items shown in Table 1, but would also have to carry the associated pubUc key 
information for that account. The data in Table 1 is represented by 96 bytes. Because the 
pubHc key component for a 1024 bit DSA key pair is 128 bytes long, however, adding the 

25 public key component for stand-alone verification caused the postage indiciimi 104 to be over 
twice the size of the current IBIP version. Comparable public key lengths are seen in the 
other USPS-approved key pairs such as RS A and elliptic curve. 

But the postage indicium 104 needed to be still larger to achieve the goal of stand- 
alone verification, because the public key component itself must be verifiable. To understand 
30 why, suppose an adversary generated her own public/private key pair. This is a very easy 
process for an entry-level cryptographic programmer. Then she could create a mail piece, 
generate indicium data with fraudulent account information, digitally sign that information 
with a private key, and then append the public key to the end of the indicium data. To a 

5 
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verifying party in a stand-alone environment, everything would seem to be in order if one 
trusted the public key component. 

This problem can be solved by using a Certificate Authority (CA), which is a very 
trusted party (e.g., a govermnent agency or a private firm such as Verisign) who will accept a 
5 public key component generated by a third party, investigate that party to ascertain that they 
are who they say they are, and upon approval, digitally sign the public key with a master 
private key maintained by that CA. Thus, if the verifying party has the public key component 
of the CA available in the stand-alone verification system, it can be used to verify the digital 
signature on the account-specific public key component. If that verification is successfiil, the 
10 account-specific public key can be used to authenticate the postage indicium 104. 

The advantage of this approach is that a single master CA pubUc key can be used to 
ascertain the veracity of millions of other pubUc keys. The disadvantage is that not only is a 
128-byte account-specific pubUc key required in the postage indicium 104, but the digital 
signature generated by the CA adds another 40 to 128 bytes of information. In addition, the 

15 CA typically embeds other information in the signed package, including the name of the 

party and the range of dates for which the account-specific public key is valid. The complete 
package is called a digital certificate and can grow to a size of several thousand bytes 
depending upon how many intermediate CA's are involved. The indicium data stream 
initially proposed by the USPS approached 500 bytes, and the associated two-dimensional 

20 bar code portion 106 of the postage indicium 104 covered approximately 25% of the area of a 
typical commercial #10 envelope. The mailing community and potential IBIP vendors 
resoundingly rejected this as completely unworkable. 

The inventor (and presmnably other potential IBIP vendors) proposed an alternative 
approach to the USPS, which brought the postage indicium down to the current 100 bytes. 

25 Rather than including a large digital certificate, a imique 4-byte numerical key pair ID (item 
#3 in Table 1) would be included instead. The key pair ID then references a complete CA- 
signed, account-specific public key that the USPS can distribute to field verification staff via 
CD-ROM or other means. Essentially, each verification staff member would have a database 
of CA-signed pubUc keys indexed by a key pair ID. When scanning postage indicium 104, 

30 the key pair ID would be used to look up the appropriate public key, and that key would be 
used to verify the digital signature in the postage indicium 104. 



6 
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While solving the space problem on the mail piece, the inclusion of a key pair ID 
witliin the postage indicium 104 did present the USPS with a new problem of distributing 
public keys to its JBeld staff. This proved to be a daunting task, as some vendors were signing 
up thousands of new end users per month, each of whom represented a public key that needed 
5 to be distributed to every field verifier if the goal of stand-alone verification was to be 
achieved. Thus, the second major PKI-related problem encountered by the USPS and the 
IBIP vendors was the cost and logistical issues associated with managing himdreds of 
thousands, if not milUons, of key pairs. IBIP vendors were charged for each key pair 
certified by the USPS CA. The cost, $8.00 US, was substantial for a PC postage service that 
10 had a price point as low as $1 .99/month. Furthemiore, the USPS had to maintain the 

database of pubhc keys, deal with the revocation and reissuing of pubUc keys as they expired, 
and handle other issues associated with the PKI. 

In 1998, the inventor suggested another approach to key management in centraUzed 
postage systems, which is disclosed in U.S. Patent No. 6,005,945. Stated briefly, this 

15 approach uses a single key pair to service the entire user community for a givra centralized 
postage vendor. The key pair might change daily, weekly or monthly for security reasons, 
but the net effect would be that only dozens of keys would be employed as compared to 
millions. We hasten to reiterate that this approach is feasible only when the postage indicia 
are created at the centrahzed server cluster run by the postage vendor. That is, the safety of 

20 the private key can be assured since it is in the possession of the trusted postage vendor, and 
not the end user. It should be noted that even the centralized system postage vendor does not 
have direct knowledge of the private key material. USPS design guidelines require that 
private key material can only be presented "in the clear'' within the confines of a FIPS-140 
coprocessor device at the centralized server cluster. This is to prevent "insider attacks" fi'om 

25 compromising the private signing key material. 

Distributed-architecture EBIP systems that use a local "vault" attached to a PC at an 
end user's site, or newer stand-alone meters that create signed IBIP-Uke indicia, must 
continue to have a unique, dedicated key pair in each remote PSD. If a single key pair was 
used, and an end user compromised just one of those devices, that key could be distributed 
30 widely and used to create millions of fraudulent postage indicia. 

In 1Q2001, the USPS permitted the inventor to institute the key management plan 
imder a three-month beta test, and later officially notified all IBI centraUzed postage vendors 
that they too could employ this approach. The net result is there will be far fewer public keys 
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to maintain for the USPS verification operations, and it is considerably more practical to 
perform stand-alone verification. Despite these improvements, the inventor believes that the 
stand-alone verification system can be eliminated without degrading postage security. 

Another problem with the self-verifying IBI indicium concept is that it does a poor 
5 job of protecting against the fi-audulent use of copies of valid postage indicia. Duplicate mail 
pieces have the potential to create substantial dollar losses to the USPS, particularly when 
high postage value packages are involved. Let us consider the following fraud scenario. A 
shipper has 70 poxmds of goods to ship to a cUent, and he wishes to use Priority Mail. 
Roughly speaking, the USPS charges about $1 10 to transport 70 pounds cross-country via 

10 Priority Mail. If the goods can be subdivided into smaller packages, the shipper coiild easily 
perform the following attack. The shipper would create a postage-bearing shipping label for 
35 poimds (approximately $52 in postage). The shipper would then create a second copy of 
this label, either by using a photocopy process, by interrupting the printer in mid-stream, 
causing it to think it must reprint a second version from the data in the printer memory, or by 

15 using a commonly available software package, such as Adobe Exchange, to create a PDF 
image of the label (rather tiian a print image), and then to print the resulting PDF image file 
more than once. Note that PC-based postage indicia do not use any special inks (such as the 
fluorescent-traced red ink used in conventional postage meters), so they are particularly easy 
to replicate. The shipper would then divide the shipment into two 35-pound cartons and 

20 apply a postage label to each carton (one an original, and the other a copy). 

This would ejBfectively defraud the USPS of over $50. If a USPS inspector happened 
to iDtercept either package and perform a scan of the barcode portion of the postage indicium, 
the information would be consistent on each label. The amount of postage in human-readable 
and barcode format would match. The date would be reasonable. The destination ZIP +4+2 
25 would match that on the physical destination address. The only way the verifier could detect 
the fraud is by intercepting both packages simultaneously and scanning them side-by-side. 
The inspector would hopefully notice that the ascending/descending balances (c.f. items 5 
and 1 1 in Table 1) were the same in each indicium — a clear indication of fraud. 

The USPS has seemingly discounted the impact of "copy fraud." The USPS 
30 recognizes that, as with conventional postage, it can only perform spot statistical testing on 
the mail stream. But the USPS has also been somewhat "envelope-centric" in their thinking. 
That is, the USPS feels that an attacker would find httle value in sending two envelopes to the 
same destination, and that the dollar amount of fraud would be on the order of 34 cents. The 
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inventor believes that the future of PC-based postage is not with envelopes, but with high 
value, expedited packages. Letter mail (e.g., correspondence, statements, and invoices) is 
being rapidly replaced with electronic communications, and in the not-too-distant future, 
packages will dominate the USPS environment This trend is likely to be accelerated given 
5 the anthrax attacks of 3Q2001. Therefore, it is believed that the USPS is underestimating the 
dollar value of this fraud threat. The inventor believes that by modifying the postage 
indicium as discussed herein, copy fraud can be further reduced if not effectively eliminated. 

This is an appropriate time to discuss the "uniqueness" of the information in indicia. 
As we have seen in the previous example, using the digitally signed ZIP+4+2 and cross 

1 0 checking this value with the ZIP+4+2 shown in the human readable address, is not a fool 
proof method to detect copy fraud. The ZIP+4+2 of a given delivery address is something 
that can appear in an indicium for a given account holder on many occasions. Insofar as the 
indicixun is concemed it is not a particularly unique value. What is imique in the originally ^ 
proposed and used USPS indicium as the combination of the account number, the ascending 

1 5 register, and the descending register (balance) for that account. For instance, the 

concatenation of these three values should always result in a unique nxmierical string in an 
indicimn. Put another way, if one finds two indicia with the identical concatenated value, this 
is clear evidence that at least one indicium is fraudulent. 

The descending register in a given postage account is simply the amount of postage 
20 available to create indicia. It is effectively the "remaining balance". The ascending register 
is the lifetime sum of all postage indicia created within that accoimt. When an indicium is 
created, the descending register is decremented by the indicium value and the ascending 
register is incremented. Eventually, the meter account will run out of funds (the descending 
register approaches zero) and the account hold can purchase more postage from the postal 
25 authority. A postal purchase results in a matching increase in the descending register. The 
ascending register is not impacted by a postage piwchase. 

One can see that for a given account, a given descending register (say $5.00) may 
occur many times over the lifetime of the account. However, a situation where the ascending 
register is $505 and the descending register is $104 will only occur once (if at all) in a given 
30 account lifetime. This is because the ascending register is ever increasing as the life of the 
meter goes on. 
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The USPS has based some portion of its fraud detection protocol on the '^uniqueness" 
provided by the ascending/descending register combination for a given account. But as an 
index for uniqueness, this is a poor choice from an operation standpoint* The combination of 
the two register values does not result in a contmuous number series. The registers are 

5 tracked to the 1/1 0^ of a cent (a mil), and a typical minimum chaage in the register values is 
340 mils (a 34 cent First Class postage indicium). The next indicium might be a high- 
postage-value package and result in a register change of 20000 mils ($20,00). Again, the 
combination of ascending/descending registers will be imique for a given account, but this 
"index of uniqueness" is far from opthnal. The index will have large gaps in the number 

10 sequence, and the gap sizes will be variable. 

A seventh problem that has contributed to the failure of the IBIP is the assumption 
that all printing-related problems could be controlled by "perfect" vendor software and 
therefore, a staunch refusal to oflFer a reftmd procedure for failed or partially-printed mail 
pieces. It should be stressed that PC-postage is different from printing other types of 

15 shipping labels (e.g., UPS or FedEx) in that misprints are, in effect, losses of "money." If a 
shipper misprints a UPS shipping label from a shipping software package or web site, another 
one can be reprinted and placed on the package with no negative financial impact to the 
shipper. This is because the UPS business model charges the shipper when the package 
enters the UPS shipping stream and is scanned. The UPS label has no inherent 'Value" until 

20 it enters the UPS delivery system. The USPS, however, as do many postal agencies 

worldwide, assumes that the postage is paid before the package enters the shipping stream. 

The current USPS refund procedures for misprinted mail pieces are overly strict and 
reflect a mindset formed over decades of supporting conventional meter technologies. 
Refunds are possible, but only if one presents a physical specimen. For instance, if a mail^ 
25 creates a meter strip using a conventional postage meter (or prints the postage indicium 

directly on a mail piece), and decides not to use that postage indicium, the postage indicium 
can be taken to a local post office for a refund of anywhere from 90% to 100% of the postage 
value. 

For PC-postage vendors, the procedures are somewhat differmt, although the criteria 
30 are the same. If the PC-postage user creates a readable mail piece (specifically, the postage 
indicium must be scannable), it may be submitted to the PC-postage vendor for a refund, the 
vendor, in turn, applies to the USPS for a refund. The overall process is complex, time- 
consmning, and very costly to operate. It also requires that USPS auditors make field visits 
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to the PC-postage vendors to examine all of the physical specimens before the refund can be 
authorized. 

If the end-user is unlucky enough to have attempted to print a mail piece that resulted 
in a deduction to the account balance, but has no physical evidence of this mail piece, the 
5 current USPS rules prohibit a refund. Unfortunately, this situation is not uncommon. The 
mail piece stock (e.g., label or envelope) can misfeed, causing only a portion of the indicium 
to print on the paper. Or if the PC is low on Graphic Display Interface (GDI) or memory 
resources, or has crashed for any reason, the printer driver may fail to render the two- 
dimensional barcode image. Or if the job is sent to a network printer, it is possible that 
10 another user/operator can flush the PC-postage print job by manipulating the printer queue or 
control panel, thus resulting in the unavailability of the specimen. 

As discouraging as all the IBIP-related problems may seem, the inventor feels that 
PC-postage can be made viable by incorporating novel, yet easily implementable, design 
elements into the IBEP base design 

15 SUMMARY OF THE INVENTION 

The inventions provide improvements in detecting postage fraud using a unique mail 
piece indicium, reducing the size of postage indicia, and/or refunding postage. 

A first improvement of an improved postage system and method uses a unique 
character string, such as, e.g., a tracking ID to, among other things, facilitate the detection of 

20 copy fraud. This tracking ID can be associated with a postage indicium and digitally signed 
to provide for a self-validating, unique postage indicium. The self-validating postage 
indicium can then be applied to a mail piece, e.g., a package, which may then be processed 
from the sender to the recipient through a postal authority, e.g., the USPS. For example, 
during the delivery process for the mail piece, the postal authority can scan all of the postage 

25 indicium or simply spot check samples. Once a given indicium's digital signature is 

validated by the postal authority using, e.g., PKI methods, the unique string contained within 
the indicium can be used in a variety of ways for fraud detection. 

For package mail that contains a unique deUvery tracking ID, the ideal unique 
character string for the indicium is the tracking ID itself. If 100% of the packages bearing a 
30 postage indicium have this postage indiciimi scanned, the tracking ID within the unique 
postage indicium can be compared in a computer operated by the postal authority to the 
tracking ID's in all other scanned and recorded postage indicia to ensure that the trackmg ID 
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is indeed unique and has not been duplicated. If the self-validating postage indicia on tracked 
mail pieces are only spot-checked, the tracking ID obtained from the validated postage 
indicium can be compared to a standard tracking ID found elsewhere on the mail piece in, 
e.g., human readable and/or barcode form. 

5 Unlike the two dimension EBI postage indicia barcodes, these standard tracking ID's 

(which are generally represented in simpler one dimensional barcodes, such as Code 128, 
Code 39, etc) are typically scanned 100% of the time. This scanning is a result of the normal 
processing that the postal authority implements to keep track of mail pieces (typically 
packages), and thus any copyist that duplicates the postage indicium would not be able to 

10 correspondingly copy the standard tracking ID's without detection of dupUcated tracking ID's 
or at least a tracking ID that is outside a normal range of tracking ID's, Thus, a comparison 
between the tracking ID found in the self-vahdating postage indicium and the standard 
tracking ID would reveal a discrepancy and thus possible fraud. This approach would be 
very effective in the case of two packages going from the same sender to the same destination 

15, address. While both packages would have the same deUvery ZIP+4+2 (a potential copy 

attack described earlier in this specification), the packages would have different tracking ID's. 
The copyist would be fiirther frustrated in his attempt to copy an existing vaUd indicium and 
tracking ID pair, and use that matched pair on another package altogether. This type of fraud 
would very Ukely be detected by the routine delivery scans of the tracking ID performed by 

20 the postal authority. 

In accordance with a &st, separate aspect of this first improvement, an improved 
method of providing a unique postage indicium within a postal system (e.g., the USPS) is 
provided. The method comprises generating a imique postage indicium having a character 
string (such as, e.g., a tracking ID) that is unique within the postal system. The tracking ID 

25 can be obtained from a single database to ensure its uniqueness. In addition to the unique 
tracking ID, the postage indiciimi can contain a number of other items, such as, e.g., indicia 
version number, algorithm identification, certificate serial number, device identification, 
ascending register, postage, date of maiUng, originating zip code, software identification, 
descending register, and rate category. The method fiirther comprises deriving a digital 

30 signature from the unique tracking ID, and associating the digital signature with the unique 
postage indicixmi to generate a self-vahdating unique postage indicium. In the preferred 
method, the digital signature is generated by applying a private key to the unique postage 
indicium. The digital signature is then attached, e.g., by appoading, to the unique postage 
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indicium. This self-validating unique postage indicium can then be applied to a mail piece 
(such as, e.g., a package or envelope) in a barcode format. The unique tracking ID can also 
be q3pUed to the mail piece independently of the self-validating unique postage indicium, as 
is the typical case with tracked packages. 

5 In accordance with a second separate aspect of this first improvement, a method of 

detecting postal fraud in a postal system (such as, e.g., the USPS) is provided. The method 
comprises receiving a plurality of mail pieces within the postal system, each carrying a self- 
validating postage indicium having a character string (such as, e.g., a tracking ED) and a 
digital signature derived from a data stream that includes the tracking ID, and optionally 
1 0 other postage-related data. 

The method ftirther comprises reading each self-vaUdating postage indicium to obtain 
the postage indicium and digital signature, validating each postage indicium by determining 
if the digital signature is consist^t with the tracking ID, and if applicable, the associated 
indicimn data, and comparing all of the tracking ID's obtained system-wide from the postage 
15 indicia. Thus, postal fraud can be detected if two of the imique character strings (e.g. 
tracking ZD's) match. La the preferred method, each self-validating postage indicium is 
embodied in a two dimensional barcode format that can be read with a barcode reader. Each 
digital signature can be generated with a private key, in which case, the postage indicium 
authentication comprises applying a corresponding pubUc key to each digital signature. 

20 In accordance with a third separate aspect of this first improvement, a method of 

detecting postal fraud in a postal system (such as, e.g., the USPS) is provided. The method 
comprises receiving a mail piece within the postal system, wherein the mail piece carries a 
self-validating postage indicium having a character string (such as, e.g., a tracking ID), and a 
digital signature derived from a data stream that includes the tracking ID, and optionally 

25 other postage-related data. The mail piece further carries an expected representation of the 
same tracking ID independent of the self- validating postage indicium. It is customary that 
this latter representation consists of a himaan readable string plus a one-dimensional barcode 
representation of that string. The method fiirther comprises reading the self-validating 
postage indicixmi to obtain the postage indicium data and associated digital signature, 

30 validating the postage indicium data by determining if the digital signature is consistent with 
the tracking ID, and comparing the validated tracking ID obtained from the postage indicium 
to the tracking ID found elsewhere on the mail piece. Thus, postal fraud can be detected if 
the tracking ID obtained from the postage indicium does not match the expected 
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representation of the tracking ID found elsewhere on the mail piece, indicating that the 
postage indicium has been duplicated. Postal fraud can further be detected if two or more of 
the tracking ID's found on two or more mail pieces match each otiier, indicating that the 
tracking ID's have been duplicated to match the dupUcated postage indicium. In the preferred 
5 method, each self- validating postage indicium is embodied in a barcode format that can be 
read with a barcode reader. Each digital signature can be generated witb a private component 
of a key pair, in which case, the postage indicium authentication comprises applying a 
corresponding public key to each digital signature. 

In accordance with a fourth separate aspect of this first improvement, a method of 
10 providing postage indicia for use in a postal system is provided. The method comprises 

generating a pluraUty of unique postage indicia having a plurality of character strings (such 
as, e.g., trackmg ID's) unique within the postal system, generating a plurality of digital 
signatures of the plurality of unique tracldng ID's, and generating a plurality of self-validating 
unique postage indicia by associating the plurality of digital signatures with the plurality of 
1 5 imique postage indicia. 

In one preferred method, all of these steps are performed in a centralized postage- 
issuing computer system that services a plurality of user accoimts. In this case, the method 
can further comprise receiving a plurality of postage indicium requests at the centralized 
postage-issuing computer system j&om a plurality of end user computers, processing the 

20 requests at the centralized postage-issuing computer system, and transmitting the resulting 
self-validating unique postage indicia from the centralized postage-issuing computer system 
to the end user computers. The postage indicium requests may be embodied in a variety of 
formats, but in the preferred method are embodied in single data streams. The centraUzed 
postage-issuing computer system can obtain the unique tracking niunbers from various 

25 sources, but in the preferred method are obtained either indirectly from a master tracking 
computer system via the end user computers or directly from the master tracking computer 
system. In another preferred method, all of these steps are performed in the end user 
computers, in which case, the tracking nimibers can be obtained directly from the master 
tracking computer system. 

30 In accordance with a fifHi separate aspect of this first improvement, a method of 

providing a postage indicium for use ia a postal system (such as, e.g., USPS). The method 
comprises receiving a unique identifier request from an end user computer, and transmitting a 
unique identifier (such as, e.g., a tracking number) to the end user computer in response to the 
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unique identifier request. The unique identifier may take a variety of forms, e.g., a single 
unique character string such as a tracking number, or two or more character strings such as a 
postage vendor ID, user accoimt number, and piece count. The method fiirther comprises 
receiving a postage indicium request firom an end user computer, generating a unique postage 
5 indicium carrying the unique identifier, deriving a digital signature firom the unique identifier, 
generating a self-validating imique postage indicium by associating the digital signature with 
the unique postage indicium, and transmitting the self-validating unique postage indicium 
independently firom the unique identifier. The unique identifier and self-validating postage 
indicium can then be applied to a mail piece by the end user computer. 

10 In one preferred method, all of the steps are performed in a centralized postage- 

issuing computer system that services a pluraUty of user accoimts. In this case, the mettiod 
can fiurther comprise transmitting another unique identifier request from the centraUzed 
postage-issuing computer system to the master tracking computer system in response to 
receipt of the unique identifier request from the end user computer, and receiving the unique 

15 identifier at the centralized postage-issuing computer system from a master tracking 
computer system. Alternatively, the received unique identifier can be stored in the 
centralized postage-issuing computer system prior to receiving the unique identifier request 
from the end user computer. In another preferred method, all of the steps are performed in 
the centralized postage-issuing computer system, with the exception of the receipt of the 

20 xmique identifier request and the transmission of the unique identifier, which are performed in 
the master tracking computer system. In this case, the unique identifier received by the end 
user computer is transmitted to the centralized postage-issuing computer system. 

La accordance with a sixdi separate aspect of this first improvement, a postage indicia 
generation system for implementation with a postal system is provided. The system 

25 comprises an end user computer, a centralized postage-issuing computer system, and a 

communications link connecting the end user computer with the centraUzed postage-issuing 
computer system. The end user computer is configured for transmitting a postage indicium 
request to the centralized postage-issuing computer system over the commxmications link, 
and the centraUzed postage-issuing computer system is configured for generating and 

30 transmitting a self- validating imique postage indicium to the end user computer over the 

communications link. The self-vaUdating unique postage indicium contains a character string 
(such as, e.g., a tracking ID) unique to the postal system and a digital signature that is derived 
from the tracking ID, and optionally other postage-related data. 
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In a preferred embodiment, the system may further include a master tracking 
computer system and another communications link that connects the centralized postage- 
issuing computer system with the master tracking computer system. In this case, the master 
tracking computer system can be configured for transmitting the tracking ID to the 
5 centralized postage-issuing computer system over the other communications link. The 
tracking ID may be transmitted to the centralized postage-issuing computer system in 
response to a unique identifier request fi-om the centralized postage-issuing computer system, 
or altematively may be periodically transmitted to the centralized postage-issuing computer 
system with a pool of xmassigned tracking ID*s, which are then stored in a database prior to 

10 receiving the postage indicium request fi-om the end user computer. In another preferred 

embodiment, the system may further include a master tracking computer system and another 
commimications link that connects the master tracking computer to the end user computer. In 
this case, the end user computer can be configured for transmitting a unique identifier request 
to the master tracking computer system over the other communications link, for receiving the 

15 unique character string firom the master tracking computer system over the other 

communications link, and for transmitting the unique character string to the centralized 
postage-issuing computer system over the communications link. 

In accordance with a seventh separate aspect of this first improvement, a centralized 
postage-issuing computer system for issuing postage indicia within a postal system is 

20 provided. The centralized postage-issuing computer system comprises data processing 

circuitry, a database storing a plurality of user accounts, and a conDmunications module, when 
executed by tiie data processing circuitry, configured for receiving a postage indicium request 
firom an end user computer. In a preferred embodiment, the communications module may 
fiufiier be configured for transmitting the self-vaMdating unique postage indicium to flie end 

25 user computer, and for receiving the tracking ID fi^om a master tracking computer system, or 
altematively firom the end user computer. 

The centralized postage-issuing computer system further comprises a postage 
indicium generation module, when executed by the data processing circuitry, configured for 
generating a self- validating imique postage indicium in response to the postage indicixmi 
30 request. The self- validating imique postage indicium contains a character string (such as, 
e.g., a tracking ID) imique to the postal system and a digital signature derived fiom the 
unique tracking ID. In generating the postage indicium, the postage indicium generation 
module may comprise a unique postage indicium generation submodule for generating the 
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unique postage indicium, a digital signature generation submodule for generating the digital 
signature, and an association submodule for associating the digital signature with the unique 
postage indicia to generate the self-validating unique postage indicium. 

A second improvement uses an indexing identifier (such as, e.g., a tracking ID or the 
5 combination of a postage vendor ID, user account, and piece count) to decrease the size of tihie 
postage indicium transmitted to an end user computer, or eliminate transmission of the 
postage indicium altogether. When the postage indicium for the end user computer is 
generated, it is stored, and the indexing identifier, rather than the postage indicium, is 
transmitted to the end user computer. The indexing identifier is applied to a mail piece, 
10 which is then scanned by the postal authority. The postal authority can obtain the stored 

postage indicium by reference to the indexing identifier. In this manner, the postal authority 
has access to the postage indicium without having to apply it to the mail piece. 

Li accordance with a first separate aspect of this second improvement, a method of 
indexing a postage indicium within a centralized postage-issuing computer system having a 

15 pluraHty of user accounts is provided. The method comprises generating a postage indiciimi 
associated with a mail piece, associating an indexing identifier with the postage indicium, and 
storing the indexed postage indicium within a database. The indexing identifier can be 
embodied in a variety of fomis, but in the preferred method is xmique within a postal service 
(such as, e.g., the USPS) and comprises a postage vendor ID, user account number, and piece 

20 count, or alternatively, a imique tracking ID. The postage indicium may comprise a variety 
of items, such as, e.g., postage amount, date and time of postage information creation, service 
class, optional data advance, and delivery zip code. « 

To protect the integrity of the postage indicium stored in the centralized postage- 
issuing computer system, the method preferably comprises deriving a digital signature fi-om 

25 the postage indicixmi, associating the digital signature with the postage indiciimi to generate 
an indexed self-validating postage indicium, and storing the indexed self- validating postage 
indicium within the centralized postage-issuing computer system. The digital signature may 
be generated by applying a private key to the postage indicium, and the digital signature can 
be associated with the postage indicium by attaching it thereto. The digital signing of the 

30 postage indicimn can be fiirther protected using a physically secure coprocessor device to 
perform this operation. 
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In the preferred method, aa indexing identifier request is received from an end user 
computer, and the indexing identifier is transmitted to the end user computer. The indexing 
identifier can then be applied to a mail piece. When the mail piece is being inspected by the 
postal authority, the method may further comprise receiving a postage indicimn request 
5 containing the indexing identifier from the postal authority, retrieving the indexed postage 
indicium from the database based on the received indexing identifier, and transmitting the 
indexed postage indicium to the postal authority. 

In accordance with a second separate aspect of this second improvement, a method of 
validating postage for a postal service is provided. The method comprises generating a 

10 postage indicium associated with a mail piece, associating an indexing identifier with the 
postage indicium, and storing the indexed postage indicium within a database. The metiiod 
fiuHier comprises applying the indexing identifier to the mail piece, reading the indexing 
identifier on the mail piece, and retrieving the indexed postage indicium from the database 
based on tiie indexing identifier. The indexing identifier can be ^plied to the mail piece in a 

1 5 variety of formats, but in the preferred method is apphed in a barcode format (such as, e.g., a 
two-dimensional barcode or even a one-dimensional barcode), and read using a barcode 
reader, or apphed in a human-readable format, and read using an optical character reader. 

Li accordance with a third separate aspect of this second improvement, a centrahzed 
postage-issuing computer system for indexing postage indicia for a plurality of user accounts 

20 within a postal system is provided. The centralized postage-issuing computer system 

comprises data processing circuitry, a database, a postage indicium generation module, when 
executed by the data processing circuitry, configured for generating a postage indicium, an 
indexing module, when executed by the data processing circuitry, configured for associating 
an indexing identifier Avith the postage indicium, and a database management module, when 

25 executed by the data processing circuitry, configured for storing the indexed postage 
indicium within the database, and for retrieving the indexed postage indicium from the 
database based on the indexing identifier. 

The postage indicium may be self-vaUdating. In generating the self-validating 
postage indicium, the postage indicium generation module may comprise a postage indicium 
30 generation submodule for generating the postage indicium, a digital signature generation 

submodule for generating tiie digital signature; and an association submodule for associating 
the digital signature with the postage indicium to generate the self-vaUdating indexed postage 
indicium. To provide additional security, key cryptographic operations may be accomplished 
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by means of a physically secure coprocessor device. la the preferred embodiment, the 
centralized postage-issxung computer system comprises a communications module, when 
executed by the data processing circuitry, configured for receiving an mdexing identifier 
request fi-om an end user computer, and for transmitting the mdexing identifier to the end user 
5 computer. The communications module may also be for receiving a postage indicium request 
containing tiie indexing identifier firom a postal authority, and for transmitting the retrieved 
indexed postage indicium to the postal authority. 

In accordance with a fourth separate aspect of this second improvement, a method of 
validating postage in a postal system is provided. The method comprises receiving a postage 

10 indicium request fi-om a postal authority (such as, e.g., the USPS), wherein the postage 

mdicium carries an indexing identifier and is associated with a mail piece inspected by the 
postage authority. The method fiarther comprises retrieving an indexed postage indicium 
firom a database based on flie received indexing identifier, and transmitting the postage - 
indicium to the postal authority. The indexed postage indicium may be self-validating 

15 postage indicium that is created within a physically seciu-e coprocessor device. As such, 
these signed indicia may be safely stored in a conventional database for later access and 
signature verification. 

In accordance with a fifth separate aspect of this second improvement, the indexing 
identifier can be used to request and receive sender identification information to verify that 
20 the sender of a received mail piece is a trusted individual or entity. 

A third improvement uses a tracking ID to facilitate the refimding of imused postage. 
Information for a postage transaction, along with the tracking ID and an associated delivery 
status, is stored. This delivery status is updated when the mail piece carrying the tracking ID 
is delivered. Unused postage can be confirmed by retrieving the stored postage transaction 
25 information and determining firom that whether there are duplicative postage transactions. 
The delivery statuses for the duplicative postage transactions can then be reviewed to 
determine whether the mail pieces associated with these postage transactions have been 
delivered. If not, one of the postage transactions may be refiinded. 

hi accordance with a first separate aspect of this third improvement, a method of 
30 refimding postage is provided. The method comprises storing information for a postage 
transaction m a database, wherein the postage transaction information comprises a tracking 
ID and an associated deUvery status. The postage transaction information may also comprise 
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a postage transaction date, postage transaction time, destination zip code, service class, 
postage amount, and mail piece weight. The method further comprises receiving a postage 
refund inquiry, e.g., from an account administrator or the end user, and retrieving the postage 
transaction information from the database in response to the postage refund inquiry. A 
5 postage may then be refunded based on the retrieved postage transaction information. For 
example, the postage may be refunded only if the retrieved delivery status indicates that a 
mail piece associated with the tracking ID has not been delivered, and not refunded if the 
retrieved delivery status indicates that a mail piece associated with the tracking ID has been 
delivered. The postage transaction information may be displayed to facilitate the refunding 
10 process. In the preferred method, confirmatory delivery status information associated with 
the tracking ID is received from, e.g., a postal authority, and the delivery status in the 
database is updated with the confirmatory delivery status information. 

In accordance with a second separate aspect of this third improvement, a method of 
refunding postage is provided. The method comprises storing information for a plurality of 

1 5 postage transactions in a database, wherein the information for each postage transaction 
comprises a tracking ID, postage transaction date, and delivery status associated with the 
tracking ID. In the preferred method, confirmatory delivery status information associated 
with the plurality of tracking ID's may be received from a postal authority, and the plxirality 
of delivery statuses in the database may be updated with the confirmatory delivery status 

20 information. The method further comprises associating the stored postage transaction 

information with a user accoimt, receiving a postage refimd inquiry for the user account (e.g., 
from an account administrator or end user), and retrieving the postage transaction information 
from the database in response to the postage refund inquiry. The method further comprises 
refunding the postage for a first postage transaction only if the delivery status for the first 

25 postage transaction indicates that a mail piece associated with the tracking ID for the first 
postage transaction has not been dehvered, and the postage transaction dates for ttie first and 
second postage transactions are the same. The information for each postage transaction may 
comprise a destination zip code, service class, and postage amount, in which case, the postage 
may be refunded only if the destination zip codes, service classes, and postage amounts for 

30 the first and second postage transactions are the same. 

In accordance with a third separate aspect of this third improvement, a method of 
providing status for a plurality of mail pieces tracked by a postal authority is provided. The 
me&od comprises storing information for a plurality of postage transactions in a database, 
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wherein the infonnation for each postage transaction comprises a tracking ID and an 
associated delivery status. The method further comprises receiving confirmatory delivery 
status infomiation firom the postal authority, and updating the plurality of delivery statuses in 
the database with the confirmatory deUvery status infonnation. In the preferred method, the 
5 stored postage transaction information is associated with a plurality of user accounts. 

In accordance with a fourth separate aspect of this third improvement, a centralized 
postage-issuing computer system for providing status for a plurality of mail pieces tracked by 
a postal service is provided. The centralized postage-issuing computer system comprises data 
processing circuitry, a database, a communications module, when executed by the data 

10 processing circuitry, configured for receiving confirmatory delivery status information firom a 
master tracking computer system, and a database management module, when executed by the 
data processing circuitry, configured for storing information for a plurality of postage 
transactions in a database. The information for each postage transaction comprises a tracking 
ID and an associated delivery status. The database management module is fiirther configured 

1 5 for updating the delivery status with the confirmatory deUvery status infonnation. . The 
database management module may further associate the stored postage transaction 
infonnation with a plurality of user accoimts. In the prefened embodiment, the central 
computer comprises a delivery status request module, when executed by the data processing 
circuitry, configured for generating a request for the confirmatory delivery status information. 

20 In this case, the communications module may transmit the request to the master tracking 
computer system. 

In accordance with a fifth separate aspect of this third improvement, a method of 
detennining whether issued postage has been used is provided. The method comprises 
storing information for a pluraUty of postage transactions in a database, wherein the 

25 information for each postage transaction comprises one or more postage transaction items 
(such as, e.g., a postage transaction date, destination zip code, service class, and postage 
amount), a tracking ID and an associated delivery status. The method further comprises 
associating the postage transaction information with a user account, receiving an inquiry for 
duplicative postage transactions fi-om, e.g., an account administrator or end user, retrieving 

30 the postage transaction information from the database, selecting the postage transactions in 
which the one or more postage transaction items are identical, and determining if any of the 
delivery statuses for the selected postage transactions indicate that a mail piece has been 
delivered. The method may further comprise determining that issued postage is unused if any 
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of the delivery statuses for the selected postage transactions indicate that a mail piece has 
been delivered, hi the preferred method, confirmatory delivery status information is received 
firom, e.g., a postal authority, and the delivery statuses in the database are updated with the 
confirmatory delivery status information. 

5 In accordance with a sixth separate aspect of this third improvement, a centralized 

postage-issuing computer system for determining whether issued postage has been used is 
provided. The centralized postage-issuing computer system comprises data processing 
circuitry, a database, a communications module, when executed by the data processing 
circuitry, configured for receiving an inquiry for duplicative postage transactions, and a 

10 database managraaent module, when executed by the data processing circuitry, configured for 
storing iixformation for a plurality of postage transactions in a database, and associating the 
postage transaction information with a user account The centralized postage-issuing 
computer system further comprises a filtering module, when executed by the data processing 
circuitry, configured for selecting the postage transactions in which the one or more postage 

15 transaction items are identical, and determining if any of the delivery statuses for the selected 
postage transactions indicate that a mail piece has been delivered. In the preferred 
embodiment, a filtering module is further configured for determining that issued postage is 
unused if any of the delivery statuses for the selected postage transactions indicates that a 
mail piece has been dehvered. The conmiunications module may further be for receiving 

20 confirmatory delivery status information, and the database management module may further 
be for updating the delivery statuses with the confirmatory deUvery status information. 

Other and further aspects and features of the inventions will become apparent firom 
the following drawings and detailed description. The inventions do not require the presence 
of all of the separate aspects or all of the separate improvements. Thus, the inventions may 
25 combine any one or more of the separate aspects, as well as combine any one or more of the 
sqjarate improvements. 

BRIEF DESCRIPTION OF THE DRAWINGS 

In order to better appreciate how the above-recited and other advantages and objects 
of the present inventions are obtained, a more particular description of the present inventions 
30 briefly described above will be rendered by reference to specific embodiments thereof, which 
are illustrated in the accompanying drawings. Understanding that these drawings depict only 
typical embodiments of the invention and are not therefore to be considered limiting of its 
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scope, the invention will be described and explained with additional specificity and detail 
through the use of the accompanying drawings in which: 

Fig. 1 is top view of a prior art IBIP mail piece; 

Fig. 2 is a top view of a USPS Priority Mail postage label constructed in accordance 
5 with the present inventions; 

Fig. 3 is a block diagram of a first postal system constmcted in accordance with the 
present inventions, wherein the first postal system utilizes unique tracking ID's to detect 
postal copy fi-aud; 

Fig- 4 is a block diagram of an end user computer used in the first postal system of 

10 Fig. 3; 

Fig. 5 is a block diagram of a centralized postage-issuing computer system used in the 
first postal system of Fig. 3 ; 

Fig. 6 is a block diagram of another centralized postage-issuing computer system used 
in the first postal system of Fig. 3; 

15 Fig. 7 is a block diagram of a master tracking computer system used in the first postal 

system of Fig. 3; 

Fig. 8 is a block diagram of a postage validation computer system used in the first 
postal system of Fig. 3; 

Fig. 9 is a flow diagram illustrating a procedure for indirectly issuing a tracking ID 
20 firom the master tracking computer system of Fig. 7 to the end user computer of Fig. 4 via the 
centralized postage-issuing computer system of Fig. 5; 

Fig. 10 is a flow diagram illustrating a procedure for issuing a tracking ID fi-om the 
centralized postage-issuing computer system of Fig. 6 to the end user computer of Fig. 4; 

Fig. 1 1 is a flow diagram illustrating a procedure for downloading unassigned 
25 tracking ED's firom liie master computer tracking system of Fig. 7 into the centralized postage- 
issuing computer system of Fig. 6 and for uploading postage information fi-om the centralized 
postage-issuing computer system to the master tracking computer system; 

Fig. 12 is a flow diagram illustrating a procedure for directly issuing a tracking ID 
firom the master tracking computer system of Fig. 7 to the end user computer of Fig. 4; 
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Fig. 13 is a flow diagram illustrating a procedure for dispensing a self-validating 
unique postage indicium from the centralized postage-issuing computer system of Figs. 5, 6, 
or 33 to the end user computer of Fig. 4; 

Fig. 14 is a flow diagram illustrating a procedure for validating the postage on a mail 
5 piece using the postage validation computer system of Fig. 8; 

Fig. 15 is a block diagram of a second postal system constructed in accordance with 
the present inventions, wherein the second postal system utilizes indexing identifiers to 
reduce or eliminate the size of the postage indicium; 

Fig. 16 is a block diagram of an end user computer used in the second postal system 
10 of Fig. 15; 

Fig. 17 is a block diagram of a centralized postage-issuing computer system used in 
the second postal system of Fig. 15; 

Fig. 18 is a block diagram of a postage validation computer system used in the second 
postal system of Fig. 15; 

15 Fig. 19 is a top view of an iadexing identifier r^resented as a two-dimensional 

barcode; 

Fig. 20 is a top view of an iadexing identifier represented as a one-dimensional Code 
128 barcode; 

Fig. 21 is a top view of an indexing identifier represented as a one-dimensional 
20 POSTNET or PLANET barcode; 

Fig- 22 is a top view of an indexing identifier represented as numerical data; 

Fig. 23 is a flow diagram illustrating a procedure for indexing a postage indicium and 
applying an indexed identifier to a label; 

Fig. 24 is a flow diagram illustrating a procedure for validating the postage on a mail 
25 piece using liie indexed identifier; 

Fig. 25 is a block diagram of a third postal system constructed in accordance with the 
present inventions, wherein the third postal system utilizes a tracking ID to facilitate 
refunding of unused postage; 

Fig. 26 is a depiction of a display showing the results of a refimd eligible inquiry 
30 performed in the third postal system of Fig. 25; 
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Fig. 27 is a depiction of a display showing the results of an audit review performed in 
the third postal system of Fig. 25; 

Fig. 28 is a depiction of a display showing the results of a refund pattern audit 
performed in the third postal system of Fig. 25; 

5 Fig. 29 is a block diagram of a centralized postage-issuing computer system used in 

the third postal system of Fig. 25; 

Fig. 30 is a block diagram of a master tracking computer system used in the third 
postal system of Fig. 25; 

Fig. 31 is a flow diagram illustrating a procedure for acciraiulating and updating 
10 postage transaction information stored in the centralized postage-issuing computer system of 
Fig. 29; 

Fig. 32 is a flow diagram illustrating a procedure for issuing a refund within the 
centralized postage-issuing computer system of Fig, 29; 

Fig. 33 is a block diagram of still another centraUzed postage-issuing computer 
1 5 system used in the first postal system of Fig. 3; 

Fig. 34 is a depiction of a display prompting a mail recipient to ^ter a tracking ID as 
a sender identification request; 

Fig. 35 is a depiction of a display showing sender identification information; 

Fig. 36 is a depiction of a mail recipient computer for displaying the information of 
20 Figs. 34 and 35; and 

Fig. 37 is a flow diagram illustrating a procedure for verifying a sender of a received 
mail piece. 

DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS 

25 The present invention is directed to a postage indicia tracking system for generating 

self-vaUdating unique postage indicia that can be vahdated by a postal authority (such as, 
e.g., the United Stated Postal Service (USPS), United Parcel Service (UPS), Federal Express 
(FedEx), etc.) for various purposes (such as, e.g., detecting copy fl-aud, postage 
counterfeiting, refund facilitation, etc.). 



25 



BNSDOCID: <WO 0304462QA2JA> 



wo 2003/044620 



PCTAJS2002/033024 



Referring to Fig. 2, a USPS Priority Mail postage label 200 generated in accordance 
with the present inventions can be used in a high-postage value transaction (such as» e.g., 
packages^ expedited services, etc.) to detect copy fraud, since such transactions represent the 
largest fraud threat, and are the mostly likely demogr^hic to embrace PC-Postage. We 
5 hasten to add that the present invention does not exclude envelope mail, and there are 
iimovations presented for that arena as well. Nor does it exclude other package shipment 
sendees provided by other postal authorities, or by private shipping firms (such as, e.g., UPS, 
Airbome, or FedEx). 

Like the prior art envelope 102 shown in Fig. 1, the label 200 shown in Fig. 2 carries 

10 a self-validating unique postage indicium 204 that is presented in a two-dimensional barcode 
206 containing data relating to the mail piece on which the label 200 is applied, as well as 
human-readable information 208, retum address 212, destination address 214, and POSTNET 
barcode 216. Noteworthy, is that Facing Identification Marks (FIM) are not located on the 
label 200, since the FIM is only a requirement for letter mail and has no value in the 

15 processing of packages. The label 200 further includes a standard unique trackmg ID 218 at 
its center. The tracking ID 218 is presented in an associated computer readable form (such 
as, e.g., a one-dimensional barcode 220), and as alpha-nxmierical data 222, in this case, the 
number "0180 5213 9070 221 1 5878/' Up to this point, a typical USPS label, which can be 
used to provide tracking capability for mere adiiiinistrative purposes, has been described. For 

20 example, in the USPS environs, one can obtain a delivery confirmation code for Priority 
Mail, an Express Mail tracking code for Express Mail, a Signature Confirmation code for 
Priority Mail, and a delivery confibmation code for media mail. Sinailar tracking ID"s are 
used by other carriers (such as, e.g., UPS, and FedEx), as well as other postal authorities 
worldwide. Tracking numbers may also be added to First Class mail in the fixture, and are 

25 used in such ancillary services at Certified Mail. 

The standard tracking ID's 218 currently used on these USPS labels, however, are not 
suitable for preventing postage fi*aud, since one can easily duplicate the postage indicia, while 
using different tracking ID's 218 (perhaps on a separate label), effectively covering up the 
copy fi"aud. To facilitate in detecting fraud, the self-validating unique postage indicimn 204 
30 has been modified to include a unique identifier. As will be described in fiirther detail below, 
the unique identifier can be composed of, e.g., the same tracking ID 218 that is provided at 
the bottom rigjit comer of the label 200. In this case, the unique identifier contained within 
file self-validating unique postage indicium 204 can be used to validate the standard tracking 
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ID 218, and can thus be relied upon to detect copy fraud in a stand-alone verification system. 
If a standard tracking ID 21 8 is not used on the label 200 (e.g., if the mail piece is being 
shipped via first class mail), the unique identifier can be composed of the piece count or 
ascending register in combination with the postage vendor ID and user account number. In 
5 this case, detection of copy fraud can be ensured in a stand-alone verification system only if 
100% of the postage indicia are scaimed. It is noted that a tracking ID provides uniqueness 
with a single string of numbers, whereas a postage vendor ID/user account/piece coimt (or 
ascending register) combination provides uniqueness with two strings of nimibers. To this 
extent, the tracking ID, when available, is more advantageous to use, not only because it can 

10 detect copy fraud with respect to a single mail piece even if less than 100% of the postage 
indicia is scanned, but also because it can simply accomplish this with a single unique string 
of characters. As will be described in fiuther detail below, however, use of the postage 
vendor ID/user account/piece coimt (or ascending register) combination as the unique 
identifier can be advantageously used to detect postal fraud in a non-stand-alone verification 

1 5 system even if 100% of the mail pieces are not scanned. 

Referring to Fig. 3, a postage system 300 provides a means for validating postage 
indicia in a stand-alone verification system using unique identifiers, and specifically, tracking 
ID*s. In this embodiment, in response to requests for tracking ID*s from end users, the postal 
service directly issues tracking ID's to the end users in a manner similar to that currently used 
20 by the USPS today. Altematively or optionally, the postal service indirectly tracking ID*s to 
the end users via a postage vendor. In any event, the postage vendor generates and sends 
self-validating unique postage indicia, which carry the issued tracking ID's, to the end users. 
The tracking numbers contained with the self- validating unique postage indicia are then used 
by the postal service to verify the postage on the mail pieces generated by the end users. 

25 To this end, the postage system 300 generally comprises a centralized postage indicia 

generation system 302, which includes a multitude of centralized postage-issuing computer 
systems 305/306/307 (referred to as "central computer systems" in the figures), each of which 
communicates with a multitude of end user computers 308. The postage system 300 also 
generally comprises a postal service 304, which includes a master tracking computer system 

30 310 and a postage vahdation computer system 312. As will be described in fiirther detail 
below, the different configurations of centralized postage-issuing computer systems 
305/306/307 represent different means for issuing the tracking ID's to the end user computers 
308. As illustrated, the centralized postage-issuing computer systems 305/306/307, end user 
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computers 308, master tracking computer system 310, and postage validation computer 
system 3 12 variously communicate with each other over communications links 314-322, each 
of which may represent, e.g. a LAN, Internet, or telephone network). It should be noted that, 
in the illustrated embodiment, communications among the end user computers 308, 
5 centralized postage-issuing computer system 305/306/307, master tracking computer system 
310, and postage validation computer system 312 over the various links are generally secured 
by use of session encryption/decryption technology. The software and processes used to 
implement this technology is described in detail in U.S. Patent No. 6,005,945, which has 
previously been incorporated herein by reference. 

10 In the illustrated embodiment, each end user computer 308 is owned and operated by 

a client of a postal vendor, and is the principal device for preparing mail pieces by printing 
the tracking ID's and self-validating imique postage indicia on the mail pieces when received 
by the centralized postage-issuing computer system 305/306/307. Each centraUzed postage- 
issuing computer system 305/306/307 is owned and operated by a postal vendor and is the 

15 principal device that dispenses unique postage indicia to the end user computers 308 over 

communications links 314 in response to requests by the raid user computers 308. As will be 
described in furflirar detail below, the self-validating unique postage indicia contain identifiers 
that are unique within the postal service 304. Thus, at least for a significant period of time, 
e.g., one year, no two unique identifiers will be identical, thereby providing a reliable means 

20 for detecting mail firaud. The unique identifiers can be composed of numbers, letters, or a 
combination. As previously discussed, however, these imique identifiers are preferably 
tracking ZD's. 

The centralized postage-issuing computer systems 306 and 307 are also the principal 
devices tiiat directly transmit tracking ID's to fee end user computers 308 over 

25 conamunications links 314 in response to requests by the &ad user computers 308. This 
configuration is used when the end user computers 308 do not directly obtain the tracking 
ID'S firom the master tracking computer system 310. The centralized postage-issuing 
computer systems 306 and 307 difier firom each other in that the centralized postage-issuing 
computer system 306 merely acts as a vehicle for passing on tracking ZD's issued by the 

30 master tracking computer system 3 1 0 to the end user computers 308, whereas the centralized 
postage-issuing computer system 307 actually issues tracking ID's fi*om a previously stored 
pool of xmassigned tracking ID's, which are periodically downloaded firom the master 
tracking con^uter system 3 10. In contrast to the centralized postage-issuing computer 
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systems 306/307, the centralized postage-issuing computer system 305 does not take part in 
the tracking ID issuing process. In this case, it is the master tracking computer system 310, 
rather than the centralized postage-issuing computer system 305, that transmits tracking ID's 
to the end user computers 308 over communications links 322 in response to requests by the 
5 end user computers 308 . 

In the illustrated embodiment, the master tracking computer system 310 is owned and 
operated by a postal authority (such as, e.g., the USPS), and is the principal device for 
allocating tracking ID's either directly to the end user computers 308 over communications 
links 322, or directly to tlae centraUzed postage-issuing computer systems 306 or 307 over 

1 0 conmiunications links 316, which then ultimately be transmitted to the end user computers 
308 over the communications Unks 314. In aa alternative embodiment, the master tracking 
computer system 3 10 is operated outside of the postal service 304. Because the USPS 
currently maintains such a master tracking service, however, it is preferable that tiie master - 
tracking computer system 310 be contained within the postal service 304. The postage 

15 validation computer system 3 12 is owned and operated by the postal authority, and is the 
principal device for verifying the postage on mail pieces. Although in the illustrated 
embodiment, the postage validation computer system 312 performs stand-alone verification, 
if additional validating information is needed, the postage validation computer system 312 
may optionally receive end user information from the centralized postage-issuing computer 

20 system 305/306/307 over communications links 318, or postage information associated with 
the tracking ID's from the master tracking computer system 310 over communications links 
320. 

Turning now to Figs. 4-7 and 33, the stractural details of tiie postage system 300 will 
now be described. With specific reference to Fig. 4, each end user computer 308 contains 

25 conventional computer hardware, including a user interface 402 with a keyboard 403, printer 
404, display 405, and optional scale 406 for weighing mail pieces, data processing circuitry 
408 (such as, e.g., a Central Processor Unit (CPU)) for executing programs, a 
communications interface 410 (such as, e.g., a modem, LAN connection, or Internet 
connection) for handling communications with the centralized postage-issuing computer 

30 system 305/306/307 over the communications link 3 14 or for handling communications with 
the master tracking computer system 310 over the communications link 322, and local 
memory 41 1 . The user interface 402 is configured to allow the end user to request unique 
tracking ID's and self-validating unique postage indicia and to enter postage information 
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associated with the unique tracking ID and postage indicium requests, as well as to print the 
Ui'iique tracking ID's and self-validating unique postage indicia on mail pieces. The local 
memory 411, which will typically include both random access memory and non-volatile disk 
storage, stores a set of mail handling procediires tibat are embodied in^ various software 
5 modules 412, and an end user database 414 that contains information needed by mail 
handling modules 412, including local account balance information, transaction records 
representiag all recent postage purchase transaction by the end user computer 308, and 
session encryption keys. Although the local memory 41 1 is depicted in Fig. 4 as a single 
memory device, it should be understood that it can be implemented in a multitude of memory 
10 devices as well. 

The mail handling modules 412 include a tracking ID request module 414, postage 
indicia request module 416, communications module 418, tracking ID printing module 420, 
and postage indicia printing module 422. The tracking ID request module 414 is configured 
for generating a request for a unique tracking ID. In the illustrated embodiment, this request 

15 takes the form of a query stream (e.g., ia Extensible Markup Letnguage (XML) format), and 
contaras postage information to be associated with the unique tracking BD, (such as, e.g., an 
Application Program Interface (API) user account ID and password, destination address for 
the mail piece, sender's complete address, weight of the mail piece, service class, and the 
arnoimt of postage). The postage indicia request module 416 is configured for generating a 

20 request for a self-validating imique postage indicium. In the illustrated embodiment, this 
request takes the form of a query stream (e.g., in XML format), and contains information 
specific to tiie immediate postage dispensing transaction (such as, e.g., the user's meter or 
accoimt ID, the user account password, postage requested, service class, optional data 
advance, and ZIP+4+2 of the delivery address). If used in conjunction with the tracking ID 

25 request module 414, the request generated by the postage indicia request module 416 will 
also contain the unique tracking ID when received firom the centraUzed postage-issuing 
computer system 305/306/307. 

The communications module 418 is configured for handling communications with the 
centralized postage-issuing computer system 305/306/307 over the communications link 314 
30 (such as, e.g., transmitting tracking ID requests and postage indicium requests and receiving 
tracking ID^s and self-vaUdating unique postage indicia in response thereto). The 
communications module 418 is also configured for handliug coiranunications with the master 
tracking computer system 310 over the communications link 322 (such as, e.g., transmitting 

30 

BNSDOCID: <WO 0304462QA2JA> 



wo 2003/044620 



PCTAJS2002/033024 



tracking ID requests and receiving tracking ID's in response thereto). It should be noted that 
the USPS currently provides a tracking JD service called "Webtools Shipping API,'' which 
allows end user computer 308 to obtain unique tracking ID's directly from its server The 
tracking ID printing module 420 is configured for printing the one-dimensional barcode 220 
5 corresponding to the tracking ID received from the centralized postage-issuing computer 
system 306/307 on the label 200. The postage indicia printing module 422 is configured for 
printing on the label 200 the two-dimensional barcode 206 corresponding to the self- 
validating unique postage indicium received from the centralized postage-issuing computer 
system 305/306/307. 

10 Referring specifically to Fig. 33, the centralized postage-issuing computer system 305 

comprises data processing circuitry 421 (such as, e.g., a Central Processor Unit (CPU)) for 
executing programs, a communications interface 423 (such as, e.g., a bank of modems, a 
LAN connection, or Internet connection) for handling communication with the end user 
computer 308 and postal service 304, and a local memory 424. The local memory 424, 

15 which will typically include both random access memory and non-volatile disk storage, stores 
a set of postage dispensing procedures that are embodied in various software modules 426. 
The local memory 424 also stores a customer database 428 of information about each of the 
user accounts received by the centraUzed postage-issuing computer system 306, a postage 
database 430 of records concerning each self-validating unique postage indicium generated 

20 by the centraUzed postage-issuing computer system 306, and a finance database 432 of 
records concerning each postage credit transaction in which fimds are added to a user 
account. 

For example, the customer database 428 may contain the following information: 
meter/license number, account status (active, hold, canceled, etc.), account name, account 

25 password (typically encrypted), user's name, user's company, user's street address, user's 
city, user's state, user's postal code, descending balance, ascending balance, current piece 
count (last serial nimiber used), origin/finance ZIP5 (for US Market), origin/finance city, 
origin/finance state, date initially placed in service, date of last transaction, maximum postage 
allowable per self-validating imique postage indicium, minimum allowable balance, 

30 minimum re-credit amount, maximum re-credit amount, user's cryptographic private signing 
key (typically itself encrypted), credit card or ACH account numbers (typically encrypted), 
and account conmients. The postage database 430 may contain the following information: 
date/time of transaction, piece number (serial number), weight, mail class, amount^ 
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destination address infonnation, or public key reference number (indicating which key was 
used by the centralized postage-issuing computer system 306 to digitally sign the unique 
postage indicium for this postage dispensing event). The finance database 432 may contain 
the following infomiation: date/time postage dispensed^ amoimt of transaction, type of funds 
5 transfer (e.g., credit card, check, etc.), and identifying ID (e.g., credit card number, check 
number). Although the local memory 424 is depicted in Fig. 5 as a single memory device, it 
should be understood that it can be implemented in a multitude of memory devices. 

The postage dispensing modiiles 426 include a communications module 434, database 
management module 436, tracking ID request module 438, postage indicium request 

10 validation module 440, and postage indicium generation module 442. The conununications 
module 434 is configured for handling communications with the end user computers 308 over 
the communications links 314 (such as, e.g., receiving tracking ID requests and postage 
indicium requests and transmitting tracking ID's and unique postage indicia). The database 
management module 436 is configured for storing and retrieving pertinent information in and 

15 firom the customer database 428, postage database 430, and finance database 432 with the 

pertinent information. The postage indiciimi request validation module 440 is configured for 
validating postage indicium requests received from the end user computer 308 by, e.g., 
validating the meter or account ID and account password in the postage indicium request in 
relation to the same information contained in the customer database 428. The postage 

20 indicium generation module 442, along with a corresponding private key 444, is configured 
for generating the self-validating unique postage indicium in response to each postage 
indicium request received &om the end user computer 308. 

In generating the self-validating xmique postage indicium, the postage indicium 
generation module 442 comprises (1) a postage indicium generation submodule 446 for 
25 generating a imique postage indicium containing the tracking ID and/or postage vendor 

ID/user accoimt/piece coimt; (2) a digital signature generation submodule 448 for deriving a 
digital signature from tiie unique postage indiciimi using the private key 444; and (3) an 
association submodule 450 for associating the digital signature with the unique postage 
indicium to generate the self-validating unique postage indicium. 

30 It should be noted that certain cryptographically important operations are optionally 

performed in a specialized cryptographic coprocessor such as the FIPS-140/Level 4 IBM 458 
co-processor. For instance, in the preferred embodiment, the private signing key appears in 
an unencrypted, operational form only within the confines of the co-processor. Similarly, the 
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decryption of the postage indicium request and the subsequent authentication of said request 
is also handled inside the cryptographic co-processor. While these functions can be 
performed in a generalized computer operating system environment, the addition of the 
cryptographic coprocessor to the overall schema provides for an xiltra-secure environment 
5 that is resistant to both outsider and insider attacks. 

In the illustrated embodiment, the self-validating imique postage indicium contains 
the same information as the postage indicixmi set forth in Table 1, with the exception that the 
destination zip code has been replaced with the tracking ID (if the postage indicium request 
contains a tracking ID) and the accoxmt-specific piece count has been moved into the portion 
10 of the postage indicium that is digitally signed, as set forth in Table 2. 



Table 2: Improved Unique Indicium Contents 



Item Number 


Field Name 


Size (Bytes) 


1 


Indicia Version Number 


1 


2 


Algorithm ID 


1 


3 


Certificate Serial Number 


4 


4 


Device ID 


8 


5 


Ascending Register 


5 


6 


Postage 


3 


7 


Date 


4 


8 


License ZIP 


4 


9 


Tracking Number 


5 


10 


Software ID 


6 


11 


Descending Register 


4 


12 


Rate Category 


4 


13 


Piece Coimt 


4 


14 


Signature 


40 



The "Indicia Version Number*' identifies the version number assigned by the USPS to 
15 the indicia data set. The "Algorithm ID" identifies the digital signature algorithm used to 
create the digital signature on the postage indicium. The "Certificate Serial Number" 
identifies the unique serial number of the certificate issued by the IBIP Certificate Authority. 
The 'T>evice ID" identifies the USPS-assigned ID for each postage vendor, and the user 
accoxmt for which the postage indicium will be issued. The "Ascending Register" identifies 
20 the total monetary value of all postage indicia ever produced for the user account. The 

"Postage" identifies the amount that will be applied to the mail piece. The *T)ate" identifies 
the date of mailing for a mail piece on which the postage indiciimi will be s^plied. The 
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"License ZIP" identifies the 5-digit zip code for the licensing post office. The ^Tracking 
Number'' identifies the xmique tracking ID issued by the USPS for that particular mail piece. 
The *Tiece Count" identifies the serial number for the mail piece produced for that user 
account. The "Software ID" identifies the end user computer software ID number. The 
5 ^Descending Register" identifies the postage value remaining in the user account. The **Rate 
Category" identifies the postage class, including any presort discount level, and rate. The 
"Signature" is the digital signature of items 1-13. It should be noted, however, that the digital 
signature can be derived jfrom any combination of the items, provided that the unique 
tracking number is included in the digital signing process. 

10 The overall advantage of fliis approach is that it ioserts at least one unique identifier in 

the digitally signed portion of the postage indicium. Not only does this allow detection of 
copy fimid, but the use of a tracking ID, which is scanned 100% of the time, leads to other 
security advantages. And this approach meets the current USPS desire to validate mail pieces 
in a stand-alone enviromnent. The scan will validate the digital signature on the postage 

15 indicium and present the tracking ID instead of the destination zip code in the case of tracked 
packages. There are other reasons for replacing the destination zip code in the digitally 
signed contents of the postage indicium. Not only is the destination zip code not unique, in 
many cases it does not exist For instance, mail pieces sent firom the United States to foreign 
countries do not contain a destination zip code in the postage indicium. Also, there is a class 

20 of IBIP-related technologies, such as postage strip printers and IBIP "sheet stamps," that do 
not include a destination zip code in the postage indicium. Since both venues print the 
address in a separate and distinct operation firom the postage indicium printing, the USPS has 
pOTnitted the destination zip code field in the postage indicium to be set to zeroes. This 
opens the door for copy fraud. 

25 Optionally, the destination zip code may be appended to the "vendor portion" of the 

postage indicium, which is an area of the postage indicium that is not scanned by the USPS 
and not digitally signed. 

Referring specifically to Fig. 5, the centralized postage-issuing computer system 306 
differs firom the centralized postage-issuing computer system 305 in that it provides means 
30 ttirougih which the master tracking computer system 310 issue tracking ID's to the end user 
computers 308. To the extent that the components of centralized postage-issuing computer 
systems 305 and 306 are similar, identical reference numbers have been used. In addition to 
the components contained in the centralized postage-issuing computer system 305, the 

34 

BNSDOCID- <WO 03O44e20A2JA> 



wo 2003/044620 



PCT/US2002/033024 



centralized postage-issuing computer system 306 comprises postage dispensing modules 427, 
which additionally include a tracking ID request module 438 and a communications module 
435. The tracking ID request module 438 is configured for generating and transmitting 
requests for unique tracking ID's to the master tracking computer system 3 10 in response to 
5 receivmg requests for unique tracking ID's from the end user computers 308. These requests 
take the form of query streams and contain the same information as in the tracking ID 
requests generated by the tracking ID request module 414 in each of the end user computers 
308. The communications module 435 is configured for handling communications with the 
end user computers 308 over the communications links 314 (such as, e.g., receiving tracking 
10 ID requests and postage indicixmi requests and transmitting tracking ID's and unique postage 
indicia). The communications module 435 is further configured for handling 
communications with the master tracking computer system 310 over the communications link 
316 (such as, e.g., transmitting tracking ID requests and receiving tracking ID*s). 

Referring specifically to Fig. 6, the centralized postage-issuing computer system 307 
1 5 differs from the centralized postage-issuing computer system 306 in that rather than 

requesting and receiving tracking ID's from the master tracking computer system 3 10 as 
tracking ID requests are received from the end user computers 308, the centralized postage- 
issuing computer system 307 stores a pool of unassigned tracking ID's previously received 
from the master tracking computer system 310 and allocates tracking ID's from this pool as 
20 tracking ID requests are received from the end user computers 308. To the extent that the 
components of centralized postage-issuing computer systems 306 and 307 are similar, 
identical reference numbers have been used. 

hi addition to the previously described components, the centrahzed postage-issuing 
computer system 307 comprises a local memory 452, which in addition to the previously 

25 described databases, stores a tracking ID database 454 of pre-stored unassigned tracking ID's 
received by the master tracking computer system 310, and a tracking information database 
456 for storing each tracking ID that has been issued to an end user computer 308 and the 
postage information associated with each tracking ID, i.e., the information contained in the 
tracking ED request. The centrahzed postage-issuing computer system 307 further comprises 

30 a set of postage dispensing modules 458, which in addition to the previously described 
modules, includes a tracking ID allocation module 460 in place of the trackmg ID request 
module 438, and a database management module 462 in place of the database management 
module 436. The tracking ID allocation module 460 is configured for allocating unique 
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tracking ID's from the tracking ID database 454 to the end user computers 308 in response to 
receiving tracking ID requests from the end user computers 308. In addition to performing 
the afore-described functions, the database management module 462 is fiirfher configured for 
storing pools of imassigned tracking ID's within the tracking ID database 454 as they are 
5 periodically received by the master tracking computer system 310, and for periodically 

retrieving postage information from the tracking information database 456 for transmission to 
the master tracking computer system 310. 

Referring specifically to Fig. 7, the master tracking computer system 310 comprises 
data processing circuitry 464 (such as, e.g., a Central Processor Unit (CPU)) for executing 

10 programs, a local memory 468, and a communications interface 466 (such as, e.g., a bank of 
modems , a LAN coimection, or Ihtemet connection) for handling commimication with the 
centralized postage-issuing computer systems 306/307 over communications links 316 or 
with the end user computers 308 over communications links 322. If the master tracking 
computer system 310 and the postage validation computer system 312 are not embodied in 

15 the same computer, the communications mterface 466 may also handle commimication with 
the postage validation computer system 312. The local memory 468, which will typically 
include both random access memory and non- volatile disk storage, stores tracking ID 
maintenance procedures that are embodied in various software modules 470. The local 
memory 468 also stores a tracking information database 472 for storing each tracking ID that 

20 has been issued to an end user computer 308 and the postage information associated with 
each tracking ID, i.e., the information contained in the tracking ID request. Although the 
local memory 468 is depicted in Fig. 6 as a single memory device, it should be understood 
that it can be implemented in a multitude of memory devices. 

The tracking ID maintenance modules 470 include a communications module 474, 
25 tracking ID allocation module 476, and database management module 478. The 

commimications module 474 is configured for handling communications with the centralized 
postage-issuing computer systems 306/307 over the commimications links 316, or with end 
user computers 308 over the commimications links 322 (such as, e.g., receiving single 
tracking ID requests and transmitting tracking ID's to and from the centralized postage- 
30 issuing computer systems 306 or end user computers 308, as weU as transmitting pools of 
unassigned tracking ID*s and receiving assigned tracking ID's and associated postage 
information to and from the centralized postage-issuing computer systems 307). The 
communications module 474 is also configured for handling communications with the 
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postage validation computer system 312 over the communications link 318 (such as, e.g., 
receiving requests for assigned tracking ID's, associated postage information, and current 
delivery status, and transmitting the assigned tracking ID's, associated postage information, 
and current deUvery status). The tracking ID allocation module 476 is configured for 
generating unique tracking ID's in response to receiving tracking ID requests from the 
centraKzed postage-issuing computer systems 306, or optionally from the end user computers 
308. The database management module 478 is configured for storing and retrieving assigned 
tracking ID's and associated postage information to and &om the tracking information 
database 472. Although the local memory 468 is depicted in Fig. 7 as a single memory 
device, it should be understood that it can be implemented in a multitude of memory devices. 

Referring specifically to Fig. 8, the postage validation computer system 312 
comprises data processmg circuitry 480 (such as, e.g., a Central Processor Unit (CPU)) for 
executing programs, a communications interface 482 (such as, e.g., a bank of modems, a ^ 
LAN connection, or Internet connection) for handUng coromunication with the centralized 
postage-issuing computer system 305/306/307, postage scanning stations 484, and a local 
memory 486. If the master tracking computer system 310 and the postage validation 
computer system 312 are not embodied in the same computer, the communications interface 
482 may also handle communication with the master tracking computer system 310. The 
postage scanning stations 484 include the software and hardware (including a barcode reader) 
necessary for reading the barcode information applied on each mail piece and displaying it in 
a human-readable format for postal verifiers. The local memory 486, which will typically 
include both random access memory and non-volatile disk storage, stores a set of postage 
validation procedures that are embodied in various software modules 488. The local memory 
also stores a meter information database 490 of information about each Ucensed postage 
meter, i.e., each end user computer 308, and a transaction database 491 for storing records 
concerning every mail piece validated or rejected by the postage validation computer system 
312, including the unique identifier(s) contained in the postage indicium, e.g., the tracking ID 
and postage vendor ID/user account/piece count (or ascending register). 

The postage validation modules 488 include a communications module 492, database 
management module 493, a postage indicia validation module 494, and imique identifier 
comparison module 495. The communications module 492 is configured for handling 
communications with the centralized postage-issuing computer s>^tems 305/306/307 over the 
communications links 318 (such as, e.g., receiving updated end user computer information 
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and public key information). The conununications module 492 is also configured for 
handling communications with the master tracking computer system 310 over the 
communications link 320 (such as, e.g.» transmitting requests for tracking ID associated 
postage information and receiving the tracking ID associated postage information). The 
5 database management module 493 is configured for storing and retrieving pertinent 

information to and fi-om the meter information database 490 and transaction database 49 L 

The postage indicia validation module 494 is configured for validating the postage 
indicia, and includes a pubUc key association submodule 496 for selecting a public key from 
the set of pubhc keys 497, as dictated by the certificate serial number (item #3 in Table 2) in 
1 0 the setf-validating unique postage indicium, and a digital signature verification submodule 
498, along with a selected pubUc key, configured for verifying the digital signature in the 
self-vaUdatkig unique postage indicium. 

The unique identifier comparison module 495 is configured for comparing the 
digitally authenticated unique identifier contained in the postage indicium to all of the unique 
15 identifiers previously stored in the transaction database 491 to detect copy fraud. That is, a 
match means that the unique identifier has been previously used, which is an indication of 
copy fraud. 

Referring specifically to Fig. 9, and with general reference to Figs. 3-5 and 7, a 
procedure for indirectly issuing a tracking ID from the master tracking computer system 310 

20 to the end user computer 308 via the centralized postage-issuing computer system 306 and 
applying it to the label 200 will now be described. At steps 500-504, the end user computer 
308 generates and transmits a request for a unique tracking ID to the centralized postage- 
issuing computer system 306, In particular, the end user operates the user interface 402 of 
the end user computer 308 to request a unique tracking ID and enter postage information to 

25 be associated with the unique tracking ID (step 500). As previously discussed, this postage 
information may contain the API user account ID and password, complete destination address 
for the mail piece, sender's complete address, weight of the mail piece, service class, and the 
amount of postage. The tracking ID request module 414 then generates a tracking ID request 
with the associated postage information (step 502). The commxmications interface 410 then, 

30 under control of the concmaunications module 41 8, transmits the tracking ID request over the 
communications link 314 (step 504). 
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At steps 506-510, the centralized postage-issuing computer system 306 receives the 
tracking ID request from the end user computer 308, and generates an identical tracking ID 
request, and transmits the tracking ID request to the master tracking computer system 310. In 
particular, the communications interface 423, under control of the communications module 
5 434, receives the tracking ID request over the commimications link 314 (step 506). The 
tracking ID request module 438 then generates a tracking ID request with the associated 
postage information, which is identical to the tracking ID request received from the end user 
computer 308 (step 508). Optionally, the database management module 436 stores the 
tracking information within a database, such as, e.g., a tracking information database (not 
10 shown). The commxmications interface 423 then, tmder control of the communications 

module 434, transmits the tracking ID request over the communications link 316 (step 510). 

At steps 512-518, the master tracking computer system 310 receives the tracking ID 
request from the centralized postage-issuing computer system 306, allocates a unique < 
tracking ID to the end user computer 308, records the unique tracking ID, along with the 

15 associated postage information, and transmits the unique tracking ID to the centralized 

postage-issuing computer system 306. In particular, the conununications interface 466, under 
control of the communications module 474, receives the tracking ID request over the 
communications link 316 (step 512). The tracking ID allocation module 476 then allocates a 
unique tracking ID to the end user computer 308, which typically will be the next tracking ID 

20 in a series of tracking ID's (step 514). The database management module 478 then stores the 
imique tracking ID, as well as the associated postage information contained within the 
tracking ID request received from the centralized postage-issuing computer system 306, 
within the tracking information database 472 (step 516). The communications interface 466 
then, xmder control of the commimications module 474, transmits tihe imique tracking ID over 

25 the commimications link 316 (step 5 1 8). 

At steps 520 and 522, the centralized postage-issuing computer system 306 receives 
the unique tracking ID from the master tracking computer system 310 and transmits the 
unique tracking ID to the end user computer 308. In particular, the communications interface 
423, under control of the communications module 434, receives the unique tracking ID over 
30 the communications link 316 (step 520). The communications interface 423 then, imder 
control of the communications module 434, transmits the tracking ID over the 
communications link 314 (step 522). 
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At steps 524 and 526, the end user computer 308 receives the tracking ID from the 
centralized postage-issuing computer system 306 and prints the tmcking ID on the label 200. 
In particular, the communications interface 410, under control of the communications module 
418, receives the unique tracking ID over the communications link 314 (step 524). The 
5 tracking ID printing module 420 then prints on the label 200 tiie standard tracking ID 218 as 
tihie one-dimensional barcode 220 (step 526). 

Referring specifically to Fig. 10, and with general reference to Figs. 3-4 and 6-7, a 
procedure for issuing a tracking ID from the centralized postage-issuing computer system 307 
to the end user computer 308 and applying it to the label 200 will now be described. At steps 
10 528-532, the end user computer 308 generates and transmits a request for a unique tracking 
ID to the centralized postage-issuing computer system 307. Steps 528-532 are similar to 
steps 500-504 described witii respect to Fig. 9 mid will thus not be described in detail here. 

At steps 534-540, the centralized postage-issuing computer system 307 receives the 
Mcking ID request from the end user computer 308, allocates a unique tracking ID to the end 

15 user computer 308, records the unique tracking ID, along with the associated postage 
information, and transmits the unique tracking ID to the end user computer 308. In 
particular, the communications interface 423, under control of the communications module 
434, receives the tracking ID request over the communications link 314 (step 534). The 
tracking ID allocation module 460 then allocates a unique tracking ID to the end user 

20 computer 308, which typically will be the next tracking ID in a series of trackmg ID's stored 
in the tracking ID database 454 (step 536). The database management module 462 then 
stores widiin the tracking information database 456 the unique tracking ID, as well as the 
associated postage information contained within the tracking ID request received from the 
end user computer 308 (step 538). The communications interface 423 then, under control of 

25 the communications module 434, transmits the tracking ID over the conununications link 314 
(step 540). 

At steps 542 and 544, the end user computer 308 receives the tracking ID from the 
centralized postage-issuing computer system 306 and prints the tracking ID on the label 200. 
Steps 542 and 544 are shnilar to steps 526 and 528 described with respect to Fig. 9 and will 
30 thus not be described in detail here. Periodically, such as, e.g., once a day, a pool of 

unassigned unique tracking ID's will be downloaded into the centralized postage-issuing 
computer system 307 from the master tracking computer system 310, and assigned tracking 
ID'S and the associated postage information will be uploaded from the centralized postage- 
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issuing computer system 307 to the master tracking computer system 310. Alternatively, 
rather than sending tracking information in batch mode, the tracking information can be 
transmitted to the master tracking computer system 310 in real-time, i.e., as the tracking ID's 
are assigned to the end user computers 308. 

5 The procedure for performing these downloading and uploading functions are now 

described with respect to Fig. 11. At steps 546-552, the centraUzed postage-issuing computer 
system 307 retrieves all of the accxmiulated assigned tracking ID's and associated postage 
information and transmits it to the master tracking computer system 310, and then the master 
tracking computer system 310 receives the tracking infomiation from the centralized postage- 

10 issuing computer system 307 and records it. In particular, the database management module 
462 retrieves the assigned tracking ID's and associated postage information from the tracking 
information database 456 (step 546). The cormnunications interface 423 then, under control 
of the commimications module 434, transmits the retrieved tracking information over the 
communications link 316 (step 548). The communications interface 466, under control of the 

1 5 communications module 474, receives the tracking information over the communications link 
316 (step 550). The database management module 478 then stores the tracking information 
in the tracking information database 472 (step 552). 

At steps 554-560, the master tracking computer system 310 generates a pool of 
unassigned tracking ID*s and transmits it to the centralized postage-issuing computer system^ 

20 307, and the centralized postage-issuing computer system 307 receives the pool of 

unassigned imique tracking ID's from the master tracking computer system 310 and records 
it. In particular, the database management module 478 generates a pool of xmassigned unique 
tracking ID's (step 554). The communications interface 466 then, under control of the 
communications module 474, transmits the pool of unassigned tracking ID's over the 

25 commimications link 316 (step 556). The communications interface 423, under control of the 
communications module 434, receives the tracking information over the commumcations link 
316 (step 558). The database management module 462 then stores the pool of imassigned 
unique tracking ID's in the tracking ID database 454 (step 560). 

Referring specifically to Fig. 12, and with general reference to Figs. 3-5 and 7-8, a 
30 procedure for directly issuing a tracking ID from the master tracking computer system 3 10 to 
the end user computer 308 and applying it to the label 200 will now be described. At steps 
562-566, the end user computer 308 generates and transmits a request for a unique tracking 
ID to the master tracking computer system 310. Steps 562 and 564 are similar to steps 500 
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and 502 described with respect to Fig. 9 and will thus not be described in detail here. After 
steps 562 and 564, the conmmnications interface 410, under control of the communications 
module 418, transmits tiie tracking ID request over the communications link 322 (step 566). 

At steps 568-572, the master tracking computer system 310 receives the tracking ID 
5 request from the end user computer 308, allocates a unique tracking ID to the end user 

computer 308, records the unique tracking ID, along with the associated postage information, 
and transmits the unique tracking ID to end user computer 308. In particular, the 
communications mterface 466, imder control of the communications module 474, receives 
the tracking ID request over the communications link 322 (step 568). The tracking ID 
1 0 allocation module 476 then allocates a unique tracking ID to the CTid user computer 308, 
which typically will be the next tracking ID in a series of tracking ID's (step 570). The 
database management module 478 then stores within the tracking information database 472 
the unique tracking ID, as well as the associated postage information contained within the 
tracking ID request received from the end user computer 308 (step 572). The 
15 communications interface 466 then, imder control of the communications module 474, 
transmits the unique tracking ID over the communications Link 322 (step 574). 

At steps 576 and 578, the end user computer 308 receives the tracking ID from the 
master tracking computer system 310 and prints the tracking ID on the label 200. In 
particular, the conmiunications interface 410, under control of the communications module 
20 418, receives the unique tracking ID over the communications Unk 322 (step 576). The 

tracking ID printing module 420 then prints on the label 200 the standard tracking ID 218 as 
the one-dimensional barcode 220 (step 578). 

Referring specifically to Fig. 13, and with general reference to Figs. 3-6, the 
procedure for dispensing and applying a self- validating unique postage indicium to the label 

25 200 will now be described. At steps 600-604, the end user computer 308 generates and 
transmits a unique postage indicium request to the centralized postage-issuing computer 
system 305/306/307. In particular, the end user operates the user interface 402 of the end 
user computer 308 to request a unique postage indicium and enter postage information to be 
associated with the unique postage indicium (step 600). As previously discussed, this 

30 postage information may contain the user's meter or account ID, the user account password, 
postage requested, service class, optional data advance, and ZIP+4+2 of the delivery address. 
If the end user computer 308 has previously obtained a trackmg ID directly from the master 
tracking computer system 310 by the process described in Fig. 12, the postage information 
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will also contain the tracking ID. In any event, the postage indicia request module 416 then 
generates a postage indicixim request with the associated postage information (step 602), The 
communications interface 410 then, under control of the communications module 418, 
transmits the postage indicium request over the communications link 314 (step 604). 

5 At steps 606-618, the centralized postage-issuing computer system 305/306/307 

receives the postage indicium request from the end user computer 308, validates it, records 
the postage information contained in the postage indicium request, as well as any other 
transaction specific pertinent information, generates a self-validating unique postage 
indicium, and transmits the self- validating unique postage indicium to the end user computer 

10 308. In particular, the communications interface 423, under control of the communications 
module 434, receives the postage indicium request over the communications link 314 (step 
606). The postage indicium request validation module 440 then validates the postage 
indicium request by validating the user account ID and account password (step 608). If the 
user account ID or password does not correspond to an active user account, an error message 

15 is generated. 

The database management module 436 then updates the customer database 428 and 
postage database 430 with the pertinent transaction specific information (step 610). If 
available, the database management module 436 will store the tracking ID in the postage 
database 430. The postage indicium generation module 442 then generates the selfrvalidating 

20 unique postage indicium (steps 612-616). Specifically, the postage indicium generation 

submodule 446 generates a unique postage indicium containing the items set forth in Table 2, 
including the unique identifier(s) (such as, e.g., the postage vendor ID/user account number 
in combination with the piece coimt or descending register number, and xmique tracking ID 
(if available) contained within the postage indicium request) (step 612). At this point, the 

25 unique postage indicium is not self-validating. The digital signature generation submodule 
448 then derives a digital signature from the unique postage indicium by applying the private 
key 444 thereto (step 614). The association submodule 450 then generates the self-vaUdating 
unique postage indicium by associating the digital signature with the unique postage indicium 
(step 616). The communications interface 423 then, under control of the commimications 

30 module 434, transmits the self-validating unique postage indicium over the communications 
link 314 (step 618). 

At steps 620 and 622, the end user computer 308 receives the self-validating unique 
postage indicium from the centralized postage-issuing computer system 305/306/307 and 
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prints it on the label 200. In particular, the conuniinications interface 410, under control of 
the communications module 418, receives the self-validating unique postage indicium over 
the communications link 314 (stq) 620). The postage indicia printing module 420 then prints 
on the label 200 the two-dimensional barcode 206 corresponding to the self-vaUdating unique 
5 postage indicium (step 622). The label 200 can then be applied to the appropriate mail piece. 

It should be noted that although the tracking ID acquisition and printing processes 
described with respect to Fig. 9-12, and the postage indicium acquisition and printing process 
described with respect to Fig. 13, have been described as distinct functions, these processes 
are preferably performed as a single process as experienced by the end user. For example, 

10 the tracking ID and postage indicium requests will be separately generated and transmitted 
from the end user computer 308, but will be prompted by the single click of a mouse on, e.g., 
a "print button." Upon the acquisition of both the tracking ID and postage indicium, the 
barcodes will be printed on the label 200 as a single step. If either or both of the tracking ID 
and postage indicium are not returned successfully, nothing is printed on the label 200. For 

15 example, if the postage indicium request fails for any reason, the entire process is aborted 
even through a tracking ID has been issued, in which case, it will be "orphaned." 

Referring to specifically Fig. 14, and with general reference to Figs. 4-7, the 
procedures for vahdating the postage on a mail piece using a stand-alone procedure will now 
be described. It should be noted that the order of the validation steps in the procedure is 

20 completely variable and will likely vary from implementation to implementation. At step 
700, the postal verifier operates a postage scanning station 484 within the postage validation 
computer system 312 to read the self-vaUdating postage indicium (i.e., the two-dimensional 
barcode 206) on the mail piece and display its contents to the verifier. At step 702, the 
verifier then manually compares the contents of the two-dimensional barcode 206 to the 

25 hiimaa-readable information (e.g., mailing date, postage amount, origin of mail piece, and 
destination of mail piece). If the barcode information does not match the human-readable 
information, this is an indication of likely fraudulent use of a postage indicium and is treated 
as such. Further details on this comparison process are disclosed in U.S. Patent No. 
6,005,945, which has previously been incorporated herein by reference. 

30 At steps 704-706, the postal verifier vahdates the postage indicium itself by operating 

the postage indicia validation module 494. In particular, the pubUc key association 
submodule 496 obtains from the set of public keys 497 the public key corresponding to the 
Certificate Serial Number (item #3 in Table 2) within the postage indicium (step 704). The 
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digital signature verification submodule 498 then verifies the digital sigaature of the postage 
indicium (step 706) to determine if they are consistent. If the signature verification process 
returns a Boolean true, this indicates that the postage indicium was in fact generated by a 
secure central computer 305/306/307 for a mail piece of the same ^proximate weight, origin 
5 and destination as the mail piece being processed. 

This will not, however, detect copy fi-aud. Thus, at step 708, the unique identifier 
comparison module 495 compares the unique identifier(s) of the mail piece (i.e., the unique 
tracking ID (if available), and the postage vendor ID/user account/piece count (or ascending 
register)) with the set of unique identifiers previously stored in the transaction database 491. 
10 If the unique identifier of the current mail piece matches at least one of the unique identifiers 
stored in the transaction database 491, copy firaud is assumed, or at least suspected. If flie 
unique identifier of the current mail piece does not match at least one of the unique identifiers 
stored in tiie transaction database 491, copy firaud is not assumed, although copy fiaud inay 
be detected if a firaudulent duplicate of the postage indicium is subsequently processed. 

15 It is worth noted that copy firaud detection using this process works with respect to 

any mail piece of any nature only if the unique identifiers contained in the postage indicia of 
all mail pieces are scanned and entered into the transaction database 491. Alternatively, copy 
fi-aud detection using this process works with respect to any mail piece fliat carries a tracking 
ID if the tracking ID's contained in the postage indicia of all of these types of mail pieces are 

20 scamied and entered into the transaction database 491 . Currently, however, the USPS only 
spot checks the postage indicia, and thus copy firaud may be currently difficult to detect using 
copy fi-aud— at least until the USPS scans 100% of the postage indicia. For example, if the 
postage indicia is checked only 10% of time, statistically, copy fiaud will only be detected 
1% of the time. 

25 Alternatively, when spot checking is tiie norm, detection of copy fraud in mail pieces 

that carry imique tracking ID's can be maximized by comparing the unique tracking ID 
contained in the postage indicium with the standard tracking ID printed on the mail piece 
(step 710). Thus, if the unique tracking ID contained in the postage indicium does not match 
the tracking ID contained elsewhere on flie mail piece, copy firaud is suspected. It is noted 

30 that the one-dimensional barcode 220 associated with the tracking ID is scanned 100% of the 
time in the normal course of the USPS tracking business, and thus, a copyist will not attempt 
to dupUcate one-dimensional barcodes 220 along with the unique postage indicia, but will 
rather only attempt to duplicate the unique postage indicia hoping that the tracking ID's 
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contained therein will not be compared with the tracking ID's associated with the one- 
dimensional barcodes 220. Thus, if flie postage indicia is checked 10% of the time, copy 
fraud will be detected 10% of the time-a significant improvement. 

It should be noted that additional transaction information can be obtained firom the 
5 centralized postage-issuing computer system 305/306/307 or master tracking computer 

system 310 over the commimications links 318 and 320. This process will not be described 
in further detail. After the postage has been validated or rejected, the database management 
module 493 stores the postage information, including the unique identifier(s) contained 
within the postage indicium within the transaction database 491, along with the results of the 
10 validation process (step 712). If valid, the mail piece is then submitted for normal delivery 
processing (step 714). 

With reference to Fig. 15, a postage system 350 comprises a centralized postage 
indicia generation system 352, which includes a multitude of centralized postage-issuing 
computer systems 356, each of which includes a multitude of end user computers 358. Tlie 

15 postage system 350 also generally comprises a postal service 354, which includes an optional 
master tracking computer system 360 and a postage validation computer system 362. The 
centralized postage-issuing computer system 356, end user computer 358, master tracking 
computer system 360, and postage validation computer system 362 communicate with each 
other over communications links 364-370 (such as, e.g., LAN, Internet, or telephone 

20 network). 

These components are generally similar to the same-named components of the 
postage system 300, but differ somewhat in that it provides a means for validating postage 
indicia in a non-stand-alone verification system using indexing identifiers. In this 
embodiment, in response to requests for postage fi:om end user computers 358, each 

25 centralized postage-issuing computer system 356 generates postage indicia, and rather than 
transmitting it to the end user computers 358, indexes and stores the postage indicia. The 
postage indicia are indexed using indexing identifiers, which are transmitted to the end user 
computers 358 for printing on the mail pieces. In the illustrated embodiment, the indexing 
identifiers are unique within the postage service 354. Thus, at least for a significant period of 

30 time, e.g., one year, no two unique indexing identifiers will be identical, thereby providing a 
reliable means for detecting mail fiaud. The xmique indexing identifiers can be composed of 
numbers, letters, or a combination thereof, and can be composed of tracking BD's postage 
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vendor ID/user account/piece count (or ascending register) combinations, sinailar to the 
unique identifiers described with respect to the postage system 300. 

These printed indexing identifies can then be subsequently used by the postage 
service 354 to obtain the stored postage indicia firom the centralized postage-issuing computer 
5 systems 356. The centralized postage indicia generation methodology offers a host of new 
security enhancements. Thus, if one makes the assumption that any mail piece validation tool 
would have access to the Intemet (e.g., a laptop with a wireless Intemet connection on a 
loading dock, or a desktop personal computer (PC) located in a mail processing facility), then 
one may greatly simplify the ioformation contained on the mail piece itself if the mail piece 
10 was generated with a centralized postage service. 

Turning now to Figs. 16-18, the structural details of the postage system 350 will now 
be described. For purposes of brevity, the tracking ID related components have not been 
included in the stmcture details of the postage system 350. It should be noted, however, that 
such tracking ID components could be incorporated in the postage system 350 to provide 
15 tracking ID functionality to the postage system 350 similar to that of the postage system 300. 

With specific reference to Fig. 16, each end user computer 358 contaias conventional 
computer hardware, including a user interface 802, data processing circuitry 808 (such as, 
e.g., a Central Processor Unit (CPU)), and communications interface 810, which are similar 
to the same-named components of the previously described end user computer 308 and will 
20 thus not be described in further detail. The end user computer 358 further comprises local 
memory 811, which is similar to the local memory 411 of the previously described end user 
computer 308, with the exception that it includes a set of mail handling modules 812 
configured to handle indexing identifiers, rather than tracking ID*s and postage iadicia. 

Specifically, the mail handling modules 812 include an indexing identifier request 
25 module 814, communications module 818, and indexing identifier printing module 820. The 
indexing identifier request module 814 is configured for generating a request for an indexing 
identifier. In the illustrated embodiment, this request takes the form of a query stream (e.g., 
in Extensible Markup Language (XML) format), and contains information specific to the 
immediate postage dispensing transaction (such as, e.g., the user's meter or account ID, the 
30 user account password, postage requested, service class, optional data advance, and ZIP+4+2 
of the delivery address). The communications module 818 is configured for handling 
commimications with the centralized postage-issuing computer system 356 over the 
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communications link 364 (such as, e.g., transmitting indexing identifier requests and 
receiving indexing identifiers in response thereto). The indexing identifier printing module 
820 is configured for printing an indexing identifier 203 received from the centralized 
postage-issuing computer system 356 on a label 201. The completed label 201 is similar to 
5 the completed label 200 illustrated in Fig. 4, wifli the exception that the indexing identifier is 
printed thereon rather than a postage indicium and tracking ID. 

The indexing identifier can be printed on the label 201 in various formats. For 
example. Fig. 19 illustrates a two-dimensional barcode 256, which represents the indexing 
identifier. As can be seen, the two-dimensional barcode 256 is much smaller than two- 

10 dimensional barcodes that represent a fiill postage indiciimi, because it contains much less 
information, i.e., a unique identifier. In this case, the unique identifier is composed of a 
postage vendor ID (07), user account number (500361), and piece count (1221^piece 
generated for this user account). In fact, the information makes the indexing identifier is so 
minimal, that a one-dimensional barcode can be used. For example, a Code 128 barcode 258 

15 illustrated in Fig. 20, or postal-specific barcode topology, such as the POSTNET or PLANET 
barcode 260 illustrated in Fig. 21, can be used to represent the postage vendor ID, accoxmt 
number, and piece count of the indexing identifier. Even more altematively, use of a barcode 
can be omitted altogether, and the indexing identifier can simply be printed on the mail piece 
as numerical data 262, as illustrated in Fig. 22. The numerical data 262 can be read by 

20 Optical Character Recognition (OCR) software, the speed of which is compatible with mail 
processing requirraients. Note that although the examples in Figures 19, 20, 21 and 22 used 
the unique combinations of postage vendor ID, account number and piece covint, one could 
alternately employ a postal authority assigned tracking number as the unique indexing 
identifier. 

25 Thus, the use of smaller two-dimensional barcodes or the simpler one-dimensional 

barcodes or digital data reduces the footprint required on the mail piece, and leaves that much 
more room for addressing, advertising, etc. This reduction in data also reduces the load on 
high speed printers, which have difficulty placing custom, non-static barcode images on mail 
pieces without compromising their rated speed (often 10,000-30,000 pieces per hour). 

30 Standard text can be printed at fiill speed, and most high-speed printers have one-dimensional 
barcode software (e.g.. Code 128) in the printer firmware. Therefore, use of an indexing 
identifier, rather than a fiill postage indiciimi, opens the IBIP market to mass mailers, which 
account for tiie bulk of USPS letter mail revenue. Not only will use of the indexing identifier 
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reduce printing costs, it will also reduce capital expenditure costs for barcode reading 
hardware. If OCR readable data is used for the indexing identifier, OCR capabiMes, which 
the USPS already has extensive experience, can be used. 

With specific reference to Fig. 17, each centraUzed postage-issuing computer system 
356 comprises data processing circuitry 820 (such as, e.g., a Central Processor Unit (CPU)) 
and a communications interface 822, which are similar to the same-named components of the 
previously described centraKzed postage-issuing computer system 305 and will thus not be 
described in further detail. The centralized postage-issuing computer system 356 further 
comprises a local memory 824, which is similar to the local memory 424 of the previously 
described centralized postage-issuing computer system 305, with the exception that it 
includes a set of postage dispensing modules 826 configured to index and store postage 
indicia, and transmit an indexing identifier, rather than the complete postage indicia, to the 
end user computers 358. The local memory 824 fiirther includes, in addition to a customer - 
database 828, postage database 830, and finance database 832, a postage indicia database 831 
for storing the indexed postage indicia. 

Specifically, the postage dispensing modules 826 include a communications module 
834, database management module 836, indexing module 838, indexed identifier request 
vaUdation module 840, and postage indicium generation module 842. The communications 
module 834 is configured for handling conmiunications with the end user computers 358 over 
the communications links 364 (such as, e.g., receiving indexing identifier requests and 
transmitting indexing identifiers). The database management module 836 is configured for 
storing and retrieving pertinent infonnation in and firom the customer database 828, postage 
database 830, and finance database 832, as well as for storing and retrieving indexed postage 
indicia in and from the postage indicia database 831. The postage indicia can include, e.g., 
the postage amount, date and time the postage indicium was created, service class, optional 
data advance, deUvery zip code, and tracking ID (if the mail piece is a tracked piece). The 
indexing identifier request vafidation module 840 is configured for validating indexing 
identifier requests received fiom the end user computer 358 by, e.g., vaUdating tiie meter or 
account ID and account password in the indexing identifier request in relation to tiie same 
information contained in the customer database 828. 

The postage mdicium generation module 842, along witii a corresponding private key 
844, is configured for generating a self-validating postage indicium in response to each 
indexing identifier request received firom flie end user computer 358. In generating the self- 
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validating postage indicium, the postage indicium generation module 842 comprises (1) a 
postage indicium generation submodule 846 for generating a postage indicium; (2) a digital 
signature generation submodule 848 for deriving a digital signature from the postage 
indicium using the private key 844; and (3) an association submodule 850 for associating the 
5 digital signature with the postage indicium to generate the self-validating postage indicium. 
In the illustrated embodiment, the self-validating postage indicium contains the same 
ioformation as the postage indicium previously set forth in Table 2. The indexing module 
838 is configured for associating the indexing identifier transmitted to the end user computer 
358 with the postage indiciimi stored within the postage indicia database 831. 

10 It is noted that the eUmination of the digital signature on the mail piece itself does not 

compromise security, since the postage indiciimi stored in the postage indicia database 831 of 
the centralized postage-issuing computer system 356 is digitally signed in accordance with 
the USPS IBIP ^ecifications. The presence of the digital signature somewhere in the 
security model addresses one major concem of the USPS — ^that firaud attacks are very likely 

15 to involve "insiders" employed by the postage vendor. To fiirther ensure that the security 
system is impervious to even an insider attack, all security-critical operations such as 
indicium signing are actually accomplished within a Federal Information Processing Standard 
(FIPS-140/Level 4)-approved, physically secure coprocessor device (such as, e.g., an IBM 
4758). 

20 With specific reference to Fig. 18, tiie postage validation computer system 362 

comprises data processing circuitry 880 (such as, e.g., a Central Processor Unit (CPU)), and 
communications interface 882, which are similar to the same-named components of the 
previously described centralized postage-issuing computer system 305 and will thus not be 
described in fiulher detail. The postage validation computer system 362 fiirther comprises 

25 postage scaiming stations 884, include the software and hardware necessary for reading the 
indexed identifiers on each mail piece and displaying it in a human-readable format for postal 
verifiers. If the indexed identifiers are printed on the mail pieces in a two-dimensional or 
one-dimensional barcode format, the postage scanning stations will be equipped with barcode 
readers and accompanying soflware capable of reading these barcodes. If the indexed 

30 identifiers are printed on the mail pieces in a numerical data format, the postage scanning 
stations 884 wiU include OCR equipment. The postage validation computer system 362 
fiirther comprises a local memory 886, which is similar to the local memory 486 of the 
previously described central postage validation computer system 312, with the exception that 
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it validates mail pieces using the postage indicia obtained from the centralized postage- 
issuing computer system 356, rather than postage indicia printed on the mail pieces. 

The postage validation modules 888 include a communications module 892, database 
management module 893, postage indicia validation module 894, and postage indicia request 
5 module 895. The postage indicia request module 895 is configured for generating a request 
for postage indicium. In the illustrated embodiment, this request takes the form of a query 
stream (e.g., in Extensible Markup Language (XML) format), and contains the indexing 
identifier read from the mail piece and a password. The communications module 818 is 
configured for handling communications with the centralized postage-issuing computer 

10 system 356 over the communications link 368 (such as, e.g., transmitting postage indicium 
requests and receiving postage indicia in response thereto). The postage indicia validation 
module 894 is configured for validating the postage indicia obtained from the centralized 
postage-issuing computer system 356, and includes a public key association submodule 896, 
public keys 897, and digital signature verification submodule 898, which are similar to the 

15 same-named components in the previously described postage validation computer system 
3 12, and will thus not be ftirther described. 

Referring to specifically Fig. 23, and with general reference to Figs. 15-17, tlie 
procedures for indexing a postage rndiciimi and applying an indexed identifier to the label 
201 will now be described. At steps 900-904, the end user computer 358 generates and 

20 transmits a iadexing identifier to the centralized postage-issuing computer system 356. In 
particular, the end user operates the user interface 802 of the end user computer 804 to 
request an indexing identifier and enter postage information to be associated with the postage 
indicium (step 900). The indexing identifier request module 814 then generates an indexing 
identifier request with the associated postage information (step 902). The communications 

25 interface 810 then, under control of the communications module 818, transmits tiie indexing 
identifier request over the communications link 364 (step 904). 

At steps 906-910, the centralized postage-issuing computer system 356 receives and 
vaUdates the indexing identifier request from the end user computer 358, and records the 
postage information contained in the postage indicium request, as well as any other 
30 transaction specific pertinent information. In particular, the communications interface 822, 
imder control of the conununications module 834, receives the indexing identifier request 
over the communications link 364 (step 906). The indexing identifier request validation 
module 840 then validates the indexing identifier request by validating the user account ID 
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and account password (step 908), If the user account ID or password does not correspond to 
an active user account, an error message is generated. The database management module 836 
then updates the customer database 828 and postage database 830 with the pertinent 
transaction specific information (step 910). 

5 At steps 912-916, the centralized postage-issuing computer system 356 then generates 

the self-validating unique postage indicium. Specifically, the postage indiciimi generation 
submodule 946 generates a postage indicium containing the items set forth in Table 2 (step 
912), The digital signature generation submodule 848 then derives a digital signature from 
the postage indicium by applying the private key 844 thereto (step 914). The association 

10 submodule 850 then generates the self-validating postage indicium by associating the digital 
signature with the postage indicium (step 916). 

At steps 918-922, the centralized postage-issuing computer system 356 then indexes 
and records the self- validating postage indicium, and transmits the indexing identifier to the 
end user computer 358. Specifically, the indexing module 838 indexes the self-validating 
15 postage indicitrai by associating the indexing identifier therewith (step 918). The database 
management module 836 then stores the indexed self-validating postage indicium in the 
postage indicia database 831 (step 920). The communications interface 822 then, tmder 
control of the communications module 834, transmits the indexing identifier over the 
communications link 314 (step 922). 

20 At st^s 924 and 926, the end user computer 554 receives the indexing identifier firom 

the centralized postage-issuing computer system 356 and prints it on the label 201. In 
particular, the communications interface 810, under control of the communications module 
818, receives the indexing identifier over the conmiunications link 364 (step 924). The 
mdexing identifier printing module 820, prompted by the end user via the user interface, then 

25 prints on the label 201 the two-dimensional barcode 256, either of the one-dimensional 

barcodes 258 or 260, or the alpha-numerical data 262 (step 926). The label 201 can then be 
applied to the appropriate mail piece. 

Referring to specifically Fig. 24, and with general reference to Figs. 15, 17, and 18, 
the procedures for validating the postage on a mail piece using a non-stand-alone procedure 
30 will now be described. It should be noted that the order of the vaUdation steps ia the 
procedure is completely variable and will likely vary from implementation to 
implementation. 
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At step 1000, the postal verifier operates a postage scanning station 884 within the 
postage validation computer system 362 to read the indexing identifier (i.e., the two- 
dimensional barcode 256, one-dimensional codes 258 or 260, or alpha-numerical data 262) 
on the label 201 of the mail piece and display its contents to the verifier. 

5 At steps 1002-1004, the postage validation computer system 362 requests firom the 

centralized postage-issuing computer system 356 the self-validating postage indicium 
associated with the indexing identifier read Jfrom the mail piece. In particular, the postage 
indicia request module 895 generates a postage indicium request carrying the indexing 
identifier and the password (step 1002). The conununications interface 882 then, under 
10 control of the commimications module 892, transmits the postage indiciiun request over the 
communications link 368 (step 1004). 

At steps 1004-1010, the centralized postage-issuing computer system 356 then 
receives the postage indiciimi request, and retrieves and transmits to the postage validation 
computer system 362 the seLf-validatrug postage indicixun correspondiag to the inspected 

1 5 mail piece. In particular, the communications interface 822, under control of the 

communications module 834, receives the postage indiciimi request over the communications 
link 368 (step 1006). The database management module 836 then retrieves from the postage 
indicia database 831 the self- validating postage indicium corresponding to the received 
indexing identifier (step 1008), The communications interface 822 then, tmder control of the 

20 conununications module 834, transmits the self-validating postage indicium over the 
communications hnk 368 (step 1010). 

At steps 1012 and 1014, the postage validation computer system 362 receives the self- 
validating postage indicium from the centralized postage-issuing computer system 356 and 
displays its contents to the postal verifier. In particular, the commimications interface 882 

25 then, under control of the commxmications module 892, receives the self- validating postage 
indicium from the centralized postage-issuing computer system 356 over the communications 
link 368 (step 1012), and the postage scaiming station 884 displays its contents to the postal 
verifier (step 1014). At step 1016, the verifier then manually compares the contents of the 
self-validating postage indicium to the hiunan-readable information (e.g., mailing date, 

30 postage amount, origin of mail piece, and destination of mail piece) on the mail piece. If the 
contents of the self-validating postage indicixmi do not match the human-readable 
information, this is an indication of likely fraudulent use of a postage indicium and is treated 
as such. 
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At steps 1018-1020, the postal verifier validates tiie postage indiciuin itself by 
operating the postage indicia validation module 894. In particular, the public key association 
submodule 896 obtains firom the set of pubUc keys 897 the public key corresponding to the 
Certificate Serial Number (item #3 in Table 2) within the postage indicium (step 1018). The 
5 digital signature verification submodule 898 then verifies the digital signature of the postage 
indicium to determine if they are consistent (step 1020). If the verification process returns a 
Boolean true, this indicates that the postage indicium was in fact generated by a secure 
central computer 356 for a mail piece of the same approximate weight, origin and destination 
as the mail piece being processed. If copy jfraud is to be detected, a copy firaud detection 
10 process using unique identifiers or similar to the process disclosed with respect to Fig. 14 can 
be utilized. 

After the postage has been validated or rejected, the database management module 
893 stores the postage information, along with the results of the validation process (step 
1022). If vahd, the mail piece is then submitted for normal delivery processing (step 1024). 

15 It should be noted that rather than have the postal verifier vahdate the postage 

indicium, the centralized postage-issuing computer system 356 itself can validate the postage 
indiciimi. In this case, the postage indicia validation module 894 will be located in the 
centralized postage-issuing computer system 356. Thus, after fiie centralized postage-issuing 
computCT system 356 retrieves the self-validating postage indicimn corresponding to the 

20 indexing identifier at step 1008, it wiU validate the postage indicium itself using a 

corresponding public key. If it is valid, the centralized postage-issuing computer system 356 
will transmit a Boolean true, along with flie already validated postage indicium, to the 
postage validation computer system 362, which will then perform postage validation steps 
1012, 1014, 1020, and 1022. If it is invalid, the centralized postage-issuing computer system 

25 356 will transmit a Boolean false to the postage validation computer system 362, which will 
then store the results of the validation process as being invalid at step 1020. 

The use of an tracking ID as an indexiug identifier not only allows the postal service 
to validate the postage on mail pieces that bear the tracking ID, it provides the recipient of the 
mail piece a means for verifying that the mail piece was sent from a trusted individual. 
30 Referring to Figs. 34 and 35, a means is provided for allowing a mail recipient to enter a 

tracking nimiber (Fig. 34) and obtaining identification information concerning the sender of 
the mail piece bearing the tracking number (such as, e.g., the name of the sender, employer of 
sender, if applicable, and the address and zip code of the sender) and related postage 
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information (such as, e.g., the date the mail piece was sent, the weight of the mail piece, mail 
class, etc) (Fig. 35). The centraUzed postage-issuing computer system 356 illustrated in Fig, 
17, and a mail recipient computer 378 illustrated in Fig. 36 are used to perform this process. 

The centralized postage-issuing computer 356 is configured in the same manner as 
5 previously described, but now optionally stores information relating to the sender of the mail 
piece. This can be stored in the postage database 830 or elsewhere. In reality, as a matter of 
course, the sender information is routinely stored in the centralized postage-issuing computer 
356, as well as transmitted to the USPS, when the sender obtains an account with the postage 
vendor. Thus, these "meter holders" are known to the postage vendor and the USPS, and can 
10 be considered to be trusted individuals or entities. 

Importantly, this sender identification information, along with postage information, 
can be easily retrieved by the centralized postage-issuing computer 356 upon receipt of the 
indexing identifier, and specifically, an associated tracking ID. With specific reference to 
Fig. 36, the mail recipient computer 378 is similar to previously described end user 

15 computers in that it contains conventional computer hardware, including a user interface 
1302, data processing circuitry 1308 (such as, e.g., a Central Processor Unit (CPU)) for 
executing programs, a communications interface 1310 (such as, e.g., a modem, LAN 
connection, or Internet connection) for handling communications with the centralized 
postage-issuing computer system 356 over a communications link 384, and local memory 

20 1311. The user interface 1302 is configured to allow the mail recipient to request sender and 
related postage information. The local memory 1311, which will typically include both 
random access memory and non-volatile disk storage, stores a set of sender verification 
procedinres that are embodied in software modules 1312, which includes a sender 
identification request module 1314 and a communications modxxle 1318. 

25 The sender identification request module 1314 is configured for generating a request 

for sender identification information, along with associated postage information. In the 
illustrated embodiment, this request takes the form of a query stream (e.g., in Extensible 
Markup Language (XML) format), and contains tihe unique tracking ID printed on the 
received mail piece. The communications module 1318 is configured for handling 

30 communications with the centralized postage-issuing computer system 356 over the 
conununications link 384 (such as, e.g., transmitting sender identification requests and 
receiving sender identification information and associated postage information in response 
thereto). 
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Referring to Fig, 37, and with general reference to Figs. 34-36, the procedures for 
verifying the sender of a mail piece will now be described. It is assumed that the tracking ID 
(as the indexing identifier) and sender identification information, along with the postage 
information, has already been recorded in the centralized postage-issiung computer system 
5 356, and specifically the postage database 830, when the tracking number and postage was 
issued to the end user presumably, the sender of the mail piece). At steps 1400-1404, the 
mail recipient computer 378 generates and transmits a request for sender identification 
information to the centralized postage-issuing computer system 356 by entering the tracking 
ID printed on the received mail piece into the user interface 1302, which displays a window 
10 similar to the one illustrated in Fig. 34. The sender identification request module 414 then 
generates a sender identification request with the associated tracking ID (step 1402). The 
communications interface 1310 then, under control of the cormnunications module 1318, 
transmits the sender identification request over the communications link 384 (step 1404). 

At steps 1406-1410, the centralized postage-issuing computer system 356 then 
15 receives the sender identification request, and retrieves and transmits to the mail recipient 
computer 378 the sender identification information and associated postage information 
corresponding to the received mail piece. In particular, the commimications interface 822, 
under control of the communications module 834, receives the sender identification request 
over the communications link 384 (step 1406). The database management module 836 then 
20 retrieves fi*om the postage database 830 the sender identification information and associated 
postage information corresponding to the received tracking ID (step 1408). The 
communications interface 822 then, under control of the commumcations module 834, 
transmits the sender identification information with the associated postage information over 
the communications link 384 (step 1410). 

25 At steps 1412 and 1414, the mail recipient computer 378 receives the sender 

identification information and associated postage information from the centralized postage- 
issuing computer system 356 and displays it to the mail recipient. In particular, the 
communications interface 1302 then, imder control of the communications module 1318, 
receives the sender identification information and associated postage information from the 

30 centralized postage-issuing computer system 356 over the communications link 384 (step 

1412), and the user interface 1302 displays this information to the mail recipient (step 1414), 
and specifically in a window similar to that illustrated in Fig. 35. Thus, the mail recipient can 
determine from this whether the sender is a trusted entity, e.g., if the mail recipient is familiar 
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with the displayed name of the sender. It should be noted that the fact that the centralized 
postage-issuing computer system 356 was capable of retrieving and transmitting the sender 
identification information to the mail recipient computer 378 for display thereon is a strong 
indication that the sender is a trusted entity, since individuals or entities that maintain 
5 accounts with the postage vendor can typically be considered to be trusted. An insidious 
individual bent on wreaking havoc through the postal system would typically not maintain a 
trackable account with a postage vendor. 

The use of a tracking ID in the postage indicium or as an indexing identifier not only 
facilitates the postal service in detecting postage firaud and protecting package recipients firom 

10 insidious individuals, but also facilitates the postal service in issuing refimds for unused 
postage. Consider a misprint scenario where an end user attempts to print an Express Mail 
label and the printing process fails in some way even though the postage was issued. The end 
user still wants to ship the package, so he/she will take corrective measures and print a 
second Express Mail label. The second label wiU have the identical destination address (in 

15 particular the same ZIP+4+2 zip code, the same postage amount, but a different tracking ID, 
which is issued on a per-print basis. This scenario creates a database structure that 
conceptually holds the information set forth in Table 3 below. 



Table 3: Express Mail Label Misprint Scenario 



Date/Time 


Account 


ZIP+4+2 


Service 
Class 


Postage 


Weight 


Piece 
Count 


Tracking 
Number 


Delivery 
Status 


9/9/01: 
15:16:01 


500318 


94301104147 


Express 


22:34 


4 


2445 


330343434334 


Subnaitted 


9/9/01: 
15:19:01 


500318 


94301104147 


Express 


22:34 


4 


2446 


330343456301 


Delivered 



20 

A digital signature protects the integrity of the information in the database. It should 
be noted that the data set forth in Table 3 alone is strongly suggestive of a misprint scenario. 
But a much stronger case can be made several days later, when the tracking ID's can be 
statused against the postal authority's (e.g., USPS) tracking system using a simple Intemet 
25 transaction. If the end user never mailed a package with the first label (tracking ID 

330343434334), it will never achieve a status of "delivered." On the other hand, one should 
see a "delivered" status on the second transaction if one waits a sufficient amount of time 
(e.g., 2-10 days). 
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With reference to Fig. 25, a postage system 380 comprises a centralized postage 
indicia generation system 382, which includes a multitude of centralized postage-issuing 
computer systems 386, each of which includes a multitude of end user computers 388. The 
postage system 380 also generally comprises a postal service 384, which includes a master 
5 tracking computer system 390 and a postage refund center 392. The centralized postage- 
issuing computer system 386, end user computer 388, and master tracking computer system 
390 communicate with each other over commimications links 394 and 396 (such as, e.g., 
LAN, Intemet, or telephone network). 

These components are generally similar to the same-named components of the 
10 postage system 300, but differ somewhat in that it provides a means for providing refunds for 
unused postage. In this embodiment, in response to postage refund inquiries from an account 
administrator, each centralized postage-issuing computer system 386 retrieves previously 
stored postage transaction information, which contains, for each postage transaction, a 
tracking ID and an associated delivery status. The centralized postage-issuing computer 
1 5 system 3 86 filters the retrieved postage transaction information for pertinent refund 

information, and displays it to the account administrator who determines whether there is 
xmused postage to be refunded. The deUvery status within the stored postage transaction 
information is updated by the master tracking computer system 390. 

The refund inquiry can take a variety of formats. For example, a refund eligible 
20 inquiry can reveal postage transaction information that meets the following criteria: (1) two 
or more transactions; (2) none of the transactions have ever been refunded in the past; (3) 
issued for the same account; (4) issued on the same day; (5) issued to the same destination; 
(6) issued for the same service class; (7) issued for the same postage amount; and (8) each 
transaction has an associated unique tracking ID. Fig. 26 illustrates exemplary results of a 
25 refund eligible inquiry. As can been seen, the display information meets the afore-described 
criteria. The account administrator can simply select the refund option and the following 
steps will occur automatically: (1) the end user's account will be credited for the misprint; (2) 
the misprint postage transaction information will be date/time stamped in the postage 
database and flagged as "refunded"; (3) a refund request is issued to postage refund center 
30 392; and (4) the refunded postage transaction is entered into a statusing database, so that the 
deUvery status can be checked for six months. 

It should be noted that the date of this query is August 23, 2001, and the postage 
transactions in question were completed three days earlier. The USPS delivery status for the 
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first package presents the phrase "Your item was accepted at 10pm on August 21 in Palo 
Alto, CA 9430L This phrase is misleading in that it infers that the USPS actually took 
possession of this package. In reality, it only indicates the date/time in which the tracking 
information was posted to the master tracking computer system. When this message persists 
5 for days or weeks, one much conclude that the tracking ID was hideed issued, but the 

package never entered the postal system. As another example, an audit inquiry can reveal all 
postage transaction information in a specific user account. 

This process provides a complete audit trail even through there is no mail piece 
specimen. The process not only has utihty for misprint scenarios that do not produce a 

10 scannable specimen, but it can also be used for misprints that do produce a scannable 

specimen. Normally, the specimen must be mailed to the postage vendor, which involves an 
additional mailing expense for tiie end user, as well as an additional effort for both end user 
and postage vendor. This process would allow end users to simply destroy misprint 
specimens if they met the refimd criteria listed above. In essence, the evidence supporting 

15 the refimd is electronic and not paper-based. 

It should be noted that the entire process is enabled by the confluence of the 
centralized postage system concept and the imique tracking ID. Mail pieces devoid of a 
unique tracldng ID would not be eligible for this refund process, nor would mail pieces 
created by postage metering technologies, which are not centralized (e.g., conventional 
20 postage meters or PC-postage meters that draw upon a local "vault" of fimds to create 
postage indicia). 

Means can also be provided to automatically poll the delivery status of a "refunded" 
mail piece after the refimd is processed. This process will continue for a period of several 
months. If the master tracking computer system suddenly shows a change in delivery status 
25 for that refimded mail piece, an automated alert is forwarded to the postal authorities and an 
investigation can be launched. 

A refimd inquiry can also be in the form of an audit review of all postage transactions 
in a user account. Fig. 27 illustrates exemplary results of an audit review. The account 
administrator can review the list of postage transactions for duplicate postage transactions. 
30 Once a duplicate postage transaction is suspected, the account administrator can click "Get 
Status" to detemiine if the mail piece associated with either of the duplicate postage 
transactions has been delivered. A refimd inquiry can also be in the form of a refimd pattem 
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audit Fig. 28 illustrates exemplary results of a refund pattern audit performed on the 
customers of a particular postage vendor. As can be seen, the account administrator can 
determine the refund percentage (by piece and total postage amount) of each customer. 

Turning now to Figs. 29 and 30, the structural details of the postage system 380 will 
5 now be described. Each end user computer 388 is similar to the previously described end 
user computer 308 illustrated in Fig. 4, aad wiU thus not be described in further detail here. 
With specific reference to Fig, 29, each centraUzed postage-issuing computer system 386 
comprises data processing circuitry 1 120 (such as, e.g., a Central Processor Unit (CPU)) and 
a communications interface 1 122, which are similar to the same-named components of the 

10 previously described centralized postage-issuing computer system 305 and will thus not be 
described in further detail. The centralized postage-issuing computer system 386 further 
comprises a local memory 1 124, which is similar to the local memory 424 of the previously 
described centralized postage-issuing computer system 305, with the exception that it 
includes postage dispensing/refund eligibility modules 1 126 that are configured to 

1 5 additionally store and retrieve postage transaction information that includes a tracking ID and 
an associated delivery status for that tracking ID. The local memory 1 124 further includes, in 
addition to a customer database 1 128 and a finance database 11 32, a postage database 1 130 
for storing the tracking ID and associated delivery status in addition to other postage 
information previously described with respect to the postage database 430. The centraUzed 

20 postage-issuing computer system 386 further comprises a user interface 1 123, which includes 
a keyboard 1 125 and a display 1 127, which as will be described below, allows the accoimt 
administrator to issue a refund inquiry. 

Specifically, the postage dispensing/reftmd eligibility modules 1 126 include a 
communications module 1 134, database management module 1 136, tracking ID request 

25 module 1138, postage indicium request validation module 1 140, postage indicium generation 
module 1 142, delivery status request module 1 143, filtering module 1 145, refund inquiry 
module 1 147, and refund display module 1 149. The delivery status request module 1 143 is 
configured for generating a request for the delivery status for each tracking ID stored in the 
postage database 1 130. The filtering module 1 145 is configured for variously gen^ating 

30 refund information by filtering and formatting the postage transaction information retrieved 
fi-om the postage database 1 130, as will be described in further detail below. In addition to 
being configured for providing the communications previously described with respect to the 
communications module 434, the commianications module 1 134 is configured for 

60 

BNSCXXrD: <WO ^030446aOA2jA> 



wo 2003/044620 



PCT/US2002/033024 



transmitting delivery status requests to, and receiving confiLrmatory delivery status 
infonnation from, the master tracking computer system 890 over the communications link 
896. 

The database management module 1 136 is configured for storing and retrieving 
5 pertinent information in and from the customer database 1 128, postage database 1 130, and 
finance database 1 132. This fimction includes storing and retrieving a tracking ID and an 
associated delivery status, and updating that associated delivery status with confirmatory 
delivery status information received from the master tracking computer system 890. As will 
be described in ftirther detail, the confirmatory deUvery status information indicates whether 

10 a mail piece canying a tracking ID has, in fact, been delivered. The refimd inquiry module 
1 147 is configured for generating an inquiry for postage refimd information. In the illustrated 
embodiment, the inquiry contains a user account ID and password and the refimd inquiry, 
which as previously discussed, can include various types. The refimd display module 1 149 is 
configured for displaying on the display 1 127 Ihe postage refimd information filtered by the 

1 5 filtering module 1 1 45 . 

The tracking ID request module 1138, postage indicium request validation module 
1 140, and postage indicium generation module 1 142 (and corresponding private key 1 144) 
are configured to perform the same fimctions described with respect to the tracking ID 
request module 438, postage indicium request vaUdation module 440, and postage indicium 
20 generation module 442 (and corresponding private key 444), and will thus not be described in 
fijrther detail. 

Alternatively, a centralized postage-issuing computer system, in combination with the 
refund inquiry fimctionaUty, can be constracted similarly to the centralized postage-issuiug 
computer system 307, wherein tracking ID*s are issued to end user computers by the 

25 centralized postage-issuing computer system from a pool of pre-stored imassigned tracking 
ID'S, or even more alternatively, wherein no tracking ID issuing fimctionaUty, in which case, 
the master tracking computer system directly issues tracking ID's to the end user computer. 
A centralized postage-issuing computer system, in combination with the refimd inquiry 
flmctionality, can be constructed similarly to the centraUzed postage-issuing computer system 

30 356, wherein self-validating postage indicia are stored in the centralized postage-issuing 
computer system and indexing identifiers are transmitted to the end user computers. 
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Referring specifically to Fig. 30, the master tracking computer system 390 comprises 
data processing circuitry 11 64 (such as, e.g,, a Central Processor Unit (CPU)) and a 
communications interface 1 166, which are similar to the same-named components of the 
previously described master tracking computer system 310 and will thus not be described in 
5 further detail. The master tracking computer system 390 further comprises a local memory 
1 168, which is similar to the local memory 468 of the previously described master tracking 
computer system 310, with the exception that it includes tracking information maintenance 
modules 1 170 that, in addition to generating and maintaining unique tracking ID*s, keep track 
of the delivery status of the mail pieces carrying these tracking ID's. The local memory 468 
10 further includes a tracking information database 1 172, which stores unique tracking ID's and 
postage information, including the delivery status associated with the tracking ID's, 

The tracking information maintenance modules 1 170 include a commimications 
module 1 174, tracking ID allocation module 1 176, database management module 1 178, and 
refunded postage poUing module 1 180. In addition to being configured for providing the 

15 communications previously described with respect to the commimications module 474, the 
communications module 1 174 receives delivery status requests j&om, and transmits 
confirmatory delivery status information to, each centralized postage-issuing computer 
system 886 over the communications links 896. The confirmatory delivery status 
information is obtained from tracking stations (not shown), which scan tracked mail pieces 

20 when they are delivered. The tracking ID allocation module 1 176 is configured for 

performing the same functions as the tracking ID allocation module 476 previously described 
in the master tracking computer system 310. The database management module 1 178 is 
configured for storing and retrieving assigned tracking ID's and associated postage 
information (including deUvery status) to and from the tracking information database 1 172. 

25 The database management module 1 1 78 is further configured for updating the tracking 

information database 1 172 with refund infomiation. That is, if a specific postage transaction 
has been refunded, the database management module 1 178 will associate a refund indicator 
with the postage information relating to the specific postage transaction. The refunded 
postage polling module 1180 periodically polls the tracking information database 1 172 to 

30 determine if a mail piece associated with any refimded postage transaction has been 
deUvered. 

Referring to specifically Fig. 31, and with general reference to Figs. 29 and 30, the 
procedure for accumulating and updating the postage transaction information, including the 
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tracking ID's and associated delivery status, will now be described. At step 1200, tracking 
ID*s are issued and applied to a multitude of mail pieces, as previously described. 
Specifically, the tracking ID's can be indirectly issued fi-om the master tracking computer 
system 390 to the end user computers 388 via the centralized postage-issuing computer 
5 system 386, as in steps 500-525 of Fig. 9. Altematively, the tracking ID's can be directly 
issued firom the centralized postage-issuing computer system 386, as in steps 528-544 of Fig. 
10. Even more altematively, the tracking ID*s can be directly issued from the master tracking 
computer system 390 to the end user computers 388, as in steps 546-578 of Fig. 12. At step 
1202, self-validating postage indicia are dispensed and applied to the mail pieces, which is 
10 described in detail as steps 600-622 of Fig. 13. 

At step 1204, the postage transaction information, along with the tracking ID's and 
associated delivery status, is recorded. Specifically, the database management module 1 136 
stores the postage transaction information in the postage database 1 130. At step 1206, the 
multitude of mail pieces are processed through the postal authority, which in this case, is.the 

15 USPS. At step 1208, the postal authority, upon delivery of the mail pieces to their intended 
destination, reads the tracking ID's on the mail pieces. At step 1210, this deUvery 
information is transmitted to and recorded in the master tracking computer system 390. 
Specifically, the database management module 1 178 updates the confirmatory delivery status 
information in the tracking information database 1 172 by changing the status from 

20 "accepted" to "delivered.'* 

At steps 1212 and 1214, the centralized postage-issuing computer system 386 
generates and transmits a delivery status request to the master tracking computer system 390. 
Specifically, the delivery status request module 1 143 generates a delivery status request (step 
1212), and the communications interface 1122 then, under control of the communications 

25 module 1 134, transmits the delivery status request over the coromimications link 396 (step 
1214). At steps 1216-1220, the master tracking computer system 390 receives the delivery 
status request from the centralized postage-issuing computer system 386 and transmits the 
confirmatory delivery status information to the centralized postage-issuing computer system 
386. Specifically, the commxmications interface 1 166, imder control of the communications 

30 module 1 174, receives the delivery status request over the conamunications link 396 (step 
1216). The database management module 1 178 then retrieves the confirmatory deUvery 
status information from the tracking information database 1 172 (step 1218), and the 
commimications interface 1 166 tiien, under control of the communications module 1 174, 
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transmits the confirmatory delivery status information over the communications link 316 
(step 1220). Altematively, the confirmatory delivery status information can periodically be 
downloaded firom the master tracking computer system 390 without prompting by the 
centralized postage-issuing computer system 386. 

5 At steps 1222 and 1224, the centralized postage-issuing computer system 386 receives 

the confirmatory delivery status information fi-om the master tracking computer system 310 
and updates the delivery status within the stored postage transaction information with the 
confirmatory delivery status information. In particular, the communications interface 1222, 
under control of the communications module 1234, receives the confirmatory delivery status 

10 information over the communications link 396 (step 1222). The database management 

module 1 136 then updates the delivery status within the postage database 1 130 (step 1224). 
If the confirmatory delivery status information indicates that the mail piece carrying the 
tracking ID has been deUvered, the delivery status associated with that tracking ID will be 
updated as delivered. If the confirmatory deUvery status information indicates that the mail 

15 piece carrying the tracking ID has not been delivered, the delivery status associated with that 
tracking ID will be updated as not delivered. 

Referring to specifically Fig. 32, and with general reference to Fig. 29, the procedures 
for issuing a refund will now be described. At step 1230, the account adn^nistrator operates 
the user interface 11 23 of the c^tralized postage-issuing computer system 386 to make a 

20 refund inquiry. The type of refund inquiry can be, e.g., any of the three refund inquiries 
described above (refund ehgible inquiry, audit review, or refund pattern audit), but for 
purposes of the following explanation the refund ehgible inquiry will be described. At step 
1232, the database management module 1 136 retrieves for a specific user accoimt the postage 
transaction information fi-om the postage database 1 130. At step 1234, the filtering module 

25 1 145 selects the postage transaction information representing duplicative postage transaction. 
In particular, it selects the postage transactions that carry tracking ID's that have never been 
refunded in the past, that are issued for the specific user account, and that have identical key 
postage transaction items, i.e., postage transaction date, destination zip code, service class, 
and postage amount. At step 1236, the filtering module 1 145 then determines if any of the 

30 deUvery statuses for the selected postage transactions indicates that a mail piece has been 

deUvered. If so, it is determined that a refund for that postage transaction is forthcoming. In 
/this case, the database management module 1 136, at step 1238, credits the user's account for 
the misprint in the finance database 1 132. At step 1240, the database management module 
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1 136 then date/time stamps the misprint postage transaction in the postage database 1 130. In 
this manner, the filtering module 1 145 will filter out this refimded postage transaction in the 
future, so that it is not refimded multiple times. At step 1242, the account administrator issues 
a refimd request to the postage refimd center 392 of the postal authority (e.g., USPS). 

5 At steps 1244 and 1246, the postal authority then enters the refimded postage 

transaction into the master tracking computer system 390, where the delivery status can be 
checked for six more months. In particular, the database management module 1 178 will 
associate a refimd indicator with the postage information relating to the refimded postage 
transaction (step 1244), and the refimded postage polling module 1 180 periodically polls the 
1 0 tracking information database 1 1 72 to determine if a mail piece associated with any refimded 
postage transaction has been delivered (step 1246). 

It should be noted that the refimd process even allows an end user to initiate a refimd 
inquiry without intervention by the account administrator. In this case, the end user will 
would have to wait the required minimum time to ensure the "never mailed package" doesn't 
15 show up on the tracking system, but then the process is so automatic that the refimd could be 
instituted entirely without an account administrator's intervention. 

Although particular embodiments of the present inventions have been shown and 
described, it will be understood that it is not intended to limit the present inventions to the 
preferred embodiments, and it will be obvious to those skilled in the art that various changes 
20 and modifications may be made without departing firom the spirit and scope of the present 
inventions. Thus, the present inventions are intended to cover alternatives, modifications, 
and equivalents, which may be included within the spirit and scope of the present inventions 
as defined by the claims. All publications, patents, and patent applications cited herein are 
hereby incorporated by reference in their entirety for all purposes. 

25 
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CLAIMS 

What is claimed is: 

I . A method of providing a unique postage indicium for use in a postal system, 
comprising: 

5 generating a imique postage indicium having a character string that is unique within 

the postal system; 

deriving a digital signature from tiie unique character string; and 

associating the digital signature with the imique postage indicium to generate a self- 
validating unique postage indicium. 

10 2. The method of claim 1 , wherein the unique character string comprises a 

tracking ID. 

3. The method of claim 1, wherein the digital signature association comprises 
attaching the digital signature to the unique postage indicium. 

4. The method of claim 1, further comprising applying the self-vahdating unique 
15 postage indicium to a mail piece, 

5. The method of claim 1, further comprising applymg the self-vaUdating unique 
postage indicium to a mail piece in a harcode format. 

6. The method of claim 4, wherein the mail piece is a package. 

7. The method of claim 4, wherein the mail piece is an envelope. 

20 8. The method of claim 4, wherein the unique character string is also appUed to 

the mail piece independently of flie self-vaUdating unique postage indicimn. 

9. The method of claim 1, wherein the digital signature is generated by applying 
a private key to the imique postage indicium. 

10. The method of claim 1 , wherein the unique character string originates from a 
25 single database within the postal system. 

I I . The method of claim 1 , wherein the postal system is the United States Postal 
Service. 

12. The method of claim 1, wherein the unique postage indicium further has one 
or more items selected from the group consistmg of an indicia version number, algorithm 
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identification, certificate serial number, device identification, ascending register, postage, 
date of mailing, originating zip code, software identification, descending register, and rate 
category. 

13. A method of detecting postal fi^aud in a postal system, comprising: 

5 receiving a plurality of mail pieces within the postal system, each canying a self- 

validating postage indicium containing a postage indiciimi having a character string, and 
containing a digital signature derived from the character string; 

reading each self-validating postage indiciimi to obtain the postage indicium and 
digital signature; 

10 validating each postage indicium by determining if the digital signature is consistent 

with the character string; and 

comparing all of the character strings obtained fi-om the postage indicia. 

14. The method of claim 13, wherein each character string comprises a tracking 

ID. 

15 15. The method of claim 13, wherein each self-validating postage indicium is 

embodied in a barcode format, and the self-validating postage indiciimaL is read with a barcode 
reader. 

16. The method of claim 13, wherein each digital signature is generated with a 
private key, and the postage indiciimi authentication comprises applying a corresponding 

20 pubUc key to each digital signature. 

17. The method of claim 13, further comprises storing the character strings 
obtained fi*om the postage indicia in a single database. 

18. The method of claim 13, wherein the postal system is the United States Postal 
Service. 

25 1 9. The method of claim 1 3, wherein postal firaud is determined if two of the 

character strings match. 

20. The method of claim 13, wherein the postage indicium has postage* 
information in addition to the character string, and the digital signature is derived firom the 
character string and postage information. 
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21. A method of detectiBg postal fraud in a postal system, comprising: 

receiving a mail piece within the postal system, the mail piece carrying a self- 
validating postage indiciimi containing a postage indicimn having a character string, and a 
digital signature derived from the character string, the mail piece further carrying an expected 
5 representation of the character string independent of the self- validating postage indicium; 

reading the self-validating postage indicium to obtain the postage indicium and digital 
signature; 

validating the postage indicium by determhiing if the digital signature is consistent 
with character string; and 

10 comparing the character string obtained from the postage indicium to the expected 

representation of the character string. 

22. The method of claim 21, wherein the character string comprises a tracking ID. 

23. The method of claim 21, wherein the self- validating postage indicium is 
embodied in a barcode format, and the self-validating postage indicium is read with a barcode 

15 reader. 

24. The method of claim 21, wherein the digital signature is generated with a 
private key, and the postage indicium authentication comprises applying a corresponding 
public key to the digital signature. 

25 . The method of claim 2 1 , wherein the postal system is the United States Postal 
20 Service. 

26. The method of claim 21 , wherein postal fraud is determined if the character 
string obtained from the postage indicia does not match the expected character string 
representation. 

27. The method of claim 21 , wherein the character string obtained from the mail 
25 piece is compared with character strings obtained from other mail pieces. 

28. The method of claim 27, who-ein postal fraud is determined if two of the 
character strings match. 

29. The method of claim 2 1 , wherein the postage indicium has postage 
information in addition to the character string, and the digital signature is derived from the 

30 character string and postage information. 
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30. A method of providing postage indicia for use in a postal system, comprising: 

generating a plurality of imique postage indicia having a plurality of character strings 
unique within the postal system; 

deriving a plurality of digital signatures from the plurality of unique character strings; 

5 and 

generating a plmrality of self-validating imique postage indicia by associating the 
plurality of digital signatures with the plurality of unique postage indicia. 

3 1 . The method of claim 30, wherein all of the steps are perforaied in a 
centralized postage-issmng computer system. 

10 32. The method of claim 3 1 , further comprising: 

receiving a plurality of postage indicium requests at the centralized postage-issuiag 
computer system from a plurality of end user computers; and 

transmitting the plurality of self-validating imique postage indicia from the centralized 
postage-issuing computer system to the plurality of end user computers. 

15 33, The method of claim 32, wherein each of the plurality of postage indicium 

requests is embodied in a single data stream. 

34. The method of claim 32, ftirther comprising receiving the plurality of urdque 
character strings at the centralized postage-issuing computer system from a master tracking 
computer system. 

20 35. The method of claim 32, further comprising receiving the plurality of unique 

character strings at the centralized postage-issuing computer system from the plurality of end 
user computers. 

36. The method of claim 30, wherein all of the steps are piarformed in a plurality 
of end user computers. 

25 37. The method of claim 30, wherein the plurality of imique character strings 

comprises a plurality of unique tracking ID*s. 

38. The method of claim 30, wherein the digital signature association comprises 
attaching the plinality of digital signatures to the plurality of imique postage indicia. 
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39. The method of claim 30, further comprismg ^plying the plmrality of self- 
validating unique postage indicia to a plurality of mail pieces. 

40, The method of claim 30, further comprising applying the pluraUty of self- 
validating unique postage indicia to a pluraUty of mail pieces in a barcode format. 

5 41. The method of claim 40, wherein the plurality of mail pieces is a plurality of 

packages. 

42. The method of claim 40, wherein the plurality of mail pieces is a plurality of 
envelopes. 

43. The method of claim 30, wherein tlie pluraUty of digital signatures is 

10 generated by applying one or more private keys to the pluraUty of unique character strings. 

44. The method of claim 30, wherein the postal system is the United States Postal 
Service. 

45. The method of claim 30, wherein each of pluraUty of unique postage indicia 
further has one or more items selected from the group consisting of an indicia version 

15 number, algorithm identification, certificate serial number, device identification, ascending 
register, postage, date of mailing, originating zip code, software identification, descending 
register, and rate category. 

46. A method of providing a postage indicium for use in a postal system, 
comprising: 

20 receiving a unique identifier request from an end user computer; 

transmitting a unique identifier to the end user computer in response to the unique 
identifier request, wherein the unique identifier is unique within the postal system; 

receiving a postage indicium request from an end user computer; 

generating a unique postage indicium carrying the unique identifier; 

25 deriving a digital signature from the unique identifier; 

generating a self-validating unique postage indicium by associating the digital 
signature with the imique postage indicium; and 

transmitting the self-vaUdating unique postage indicium independently from the 
unique identifier transmitted in response to the unique identifier request. 
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47. The method of claim 46, wherein all of the steps are performed in a 
centralized postage-issuing computer system. 

48. The method of claim 47, further comprising receiving the unique identifier at 
the centralized postage-issuing computer system from a master tracking computer system. 

5 49. The method of claim 48, further comprising transmitting another imique 

identifier request from the centralized postage-issuing computer system to the master tracking 
computer system in response to receipt of the unique identifier request from the end user 
computer. 

50. The method of claim 48, further comprising storing the received unique 
10 identifier within the centralized postage-issuing computer system prior to receiving the 

unique identifier request. 

51 . The method of claim 46, wherein the unique identifier request is received at a 
master tracking computer system, the unique identifier is transmitted from the master 
tracking computer system, and the remaining steps are performed in a centralized postage- 

1 5 issuing computer system, the method further comprising receiving the unique identifier at the 
centraUzed postage-issuing computer system from the end user computer. 

52. The metiiod of claim 46, wherein the unique identifier is a single unique 
character string, 

53. The method of claim 52, wherein the unique identifier comprises a imique 
20 tracking ID. 

54. The method of claim 46, wherein the unique identifier comprises two or more 
character strings. 

55. The method of claim 54, wherein the unique identifier comprises a postage 
vendor ID, user account number, and piece coimt, 

25 56. The method of claim 46, wherein the digital signature association comprises 

attaching the digital signature to the imique postage indicium. 

57. The method of claim 46, further comprising: 

receiving the unique identifier at the end user computer; 

receiving the self- validating unique postage indicium at the end user computer; and 
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applying the receiving unique identifier and self-validating unique postage indicium 
to a mail piece. 

58. The method of claim 57, wherein the received unique identifier is applied to 
the mail piece in a one-dimensional barcode foraiat, and the self-validating imique postage 

5 indicium is applied to the mail piece in a two-dimensional barcode format 

59. The method of claim 57, wherein the mail piece is a package. 

60. The method of claim 57, wherein the mail piece is an envelope. 

6 1 - The method of claim 46, wherein the digital signature is generated by applying 
a private key to the unique identifier. 

10 62. The method of claim 46, wherein the postal system is the United States Postal 

SCTvice. 

63. The method of claim 46, wherein the imique postage indicium further has one 
or more items selected firom the group consisting of an indicia version mmiber, algorithm 
identification, certificate serial number, device identification, ascending register, postage, 

15 date of mailing, originating zip code, software identification, descending register, and rate 
category. 

64. A postage indicia generation system for implementation with a postal system, 
comprising: 

an end user computer; 

20 a cmtralized postage-issuing computer system; 

a communications link connecting the end user computer with the centralized 
postage-issuing computer system; 

wherein the end user computer is configured for transmitting a postage indicium 
request to the centralized postage-issuiag computer system over the communications link, 
25 and the centralized postage-issuing computer system is configured for generating and 
transmitting a self- validating unique postage indicium to the end user computer over the 
communications link, the self- validating unique postage indicium containing a character 
string unique to the postal system and a digital signature derived firom the unique character 
string. 
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65. The system of claim 64, further comprising: 
a master tracking computer system; and 

another commimications link connecting the centralized postage-issuing computer 
system with the master tracking computer system; 

5 wherein the master tracking computer system is configured for transmitting the 

unique character string to the centraUzed postage-issuing computer system over the other 
communications link. 

66. The system of claim 65, wherein the centralized postage-issuing computer 
system is further configured for transmitting a unique identifier request to the master tracking 

10 computer system over the commimications hnk in response to the postage indicium request. 

67. The system of claim 66, wherein the centraUzed postage-issuing computer 
system is further configured for storing the received character string within the centraUzed 
postage-issuing computer system prior to the postage indicium request. 

68. The system of claim 64, further comprising: 
15 a master tracking computer system; and 

another communications link connecting the end user computer with the master 
tracking computer system; 

wherein the end user computer is configured for transmitting a unique identifier 
request to the master tracking computer system over the other communications link, for 
20 receiving the unique character string firom the master tracking computer system over the other 
communications link, and for transmitting the unique character string to the centraUzed 
postage-issuing computer system over the communications Unk. 

69. The system ofclaim 64, furtlier comprising: 
a plurality of end user computers; 

25 a pluraUty of communications links connecting the plurahty of user computers with 

the centralized postage-issuing computer system; 

wherein the pluraUty end user computers is configured for transmitting a pluraUty of 
postage indicium requests to the centralized postage-issuing computer syst^n over the 
plurality of communications links, and the centraUzed postage-issuing computer system is 
30 configured for generating and transmitting a pluraUty of self-vaUdating unique postage 
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indicia to the plurality of end user computers over the plurality of communications links, the 
plurality of self-validating unique postage indicia containing a plurality of character strings 
unique to the postal system and a plurality of digital signatures derived from at least portions 
of a plurality of unique postage indicia containing the plurality of unique character strings. 

5 70. The system ofclaim 69, further comprising: 

a master tracking computer system; and 

another communications link connecting the centralized postage-issuing computer 
system with the master tracking computer system; 

wherein the master tracking computer system is configured for transmitting the 
10 plurality of unique character strings to the centralized postage-issxiing computer system over 
the other communications link. 

7 1 . The system of claim 69, further comprising: 
a master tracking computer system; and 

another plurality of cormnunications links connecting the plurality of end user 
1 5 computers with the master tracking computer sj^tem; 

wherein the plurality of end user computers is configured for transmitting a pluraUty 
of unique identifier requests to the master tracking computer system over the other plurality 
of communications links, for receiving the plurality of unique character strings firom the 
master tracking computer system over the other plurality of commimications links, and for 
20 transmitting the plurality of unique character strings to the centralized postage-issuing 
computer system over the plurality of communications links. 

72. The system of claim 64, wherein the unique character string comprises a 
unique tracking K). 

73 . The system of claim 64, wherein tiie end user computer is configured for 
25 applying the self-vaUdating unique postage indicium to a mail piece. 

74. The system of claim 64, wherein the centralized postage-issuing computer 
system is configured for applying a private key to the imique character string to generate the 
digital signature. 

75. The system of claim 64, wherein the postal system is the United States Postal 
30 Service. 
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76. The system of claim 64, wherein the imique postage indicium further has one 
or more items selected from the group consisting of an indicia version number, algorithm 
identification, certificate serial number, device identification, ascending register, postage, 
date of mailing, originating zip code, software identification, descending register, and rate 

5 category. 

77. A centralized postage-issuing computer system for issuing postage indicia 
within a postal system, comprising: 

data processing circuitry; 

a database storing a plurality of user accounts; 

10 a communications module, when executed by the data processing circuitry, 

configured for receiving a postage indicium request from an end user computer; and 

a postage indicium generation module, when executed by the data processing 
circuitry, configured for generating a self-validating unique postage indicium in response to 
the postage indicium request, the self-validating unique postage indicium containing a 
15 character string unique to the postal system and a digital signature derived from the unique 
character string. 

78. The centralized postage-issuing computer system of claim 77, wherein the 
communications module is further configured for transmitting the self-validating unique 
postage indicium to the end user computer. 

20 79. The centraUzed postage-issuing computer system of claim 77, wherein the 

postage indicium generation module comprises: 

a unique postage indicium generation submodule for generating the imique postage 
indicium; 

a digital signature generation submodule for generating the digital signature; and 

25 an association submodule for associating the digital signature with the unique postage 

indicia to generate the self- validating unique postage indicium. 

80. The centralized postage-issuing computer system of claim 77, wherein the 
communications module is further configured for receivmg the unique character string from a 
master tracking computer system. 
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81. The centralized postage-issuing computer system of claim 80, wherein the 
communications module is further configured for transmitting a unique identifier request to 
the master tracking computer system in response to receiving the unique identifier request 
fi:om the end user compute. 

5 82. The centraUzed postage-issuing computer system of claim 80, further 

comprising a database management module for storing the received character string in the 
database prior to receiving the unique identifier request from the end user computer. 

83. The centraUzed postage-issuing computer system of claim 77, wherein the 
communications module is further configured for receiving the imique character string firom 

10 the end user computer. 

84. The centralized postage-issuing computer system of claim 77, 

wherein the communications module is configured for receiving a plurality of postage 
indicium requests from a plurality of end user computers; and 

wherein the xmique postage indicia module is configured for generating a pluraUty of 
15 self-validating unique postage indicia in response to the plurality of postage indicium 
requests, the plurality of self- validating xmique postage indicia containing a plurality of 
character strings vinique to the postal system and a plurality of digital signatures of the 
plurality of unique character strings. 

85. The centralized postage-issuing computer system of claim 84, wherein the 
20 communications module is further configured for receiving the plurality of unique character 

strings from a master tracking computer system. 

86. The centralized postage-issuing computer system of claim 84, wherein the 
communications module is further configured for receiving the plurality of unique character 
strings from the plurality of end user computers. 

25 87- The centralized postage-issuing computer system of claim 77, wherein the 

imique character string comprises a unique tracking ID. 

88. The centralized postage-issuing computer system of claim 77, wherein the 
centralized postage-issuing computer system comprises a private key, and the postage 
indicium generation module is further configured for applying the private key to the unique 
30 character string to generate the digital signature. 
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89. The centralized postage-issuing computer system of claim 77, wherein the 
postal system is the United States Postal Service. 

90. The centralized postage-issuing computer system of claim 77, wherein the 
unique postage indicium further has one or more items selected from the group consisting of 

5 an indicia version nxmiber, algorithm identification, certificate serial number, device 

identification, ascending register, postage, date of mailing, originating zip code, software 
identification, descending register, and rate category. 

91 . A method of indexing a postage indicium within a database of a centraUzed 
postage-issuing computer system, the method comprising: 

1 0 generating a postage indicium associated with a mail piece; 

associating an indexing tracking ID with the postage indicium; and 

storing the indexed postage indicium within the database. 

92. The method of claim 91, wherein the indexing tracking ID is imique within a 
postal service. 

15 93 . The method of claim 92, wherein the postal service is the United States Postal 

Service. 

94. The method of claim 91, wherein the postage indicium comprises one or more 
items selected from the group consisting of postage amount, date and time of postage 
information creation, service class, optional data advance, and delivery zip code. 

20 95 . The method of claim 9 1 , ftirfher comprising: 

deriving a digital signature from the postage indicium; 

associating the digital signature with the postage indiciimi to generate an indexed self- 
validating postage indicium; and 

storing the indexed self-vaUdating postage indicium within the centralized postage- 
25 issuing computer system. 

96. The method of claim 95, wherein the digital signature association comprises 
attaching the digital signature to the postage indicium. 

97. The method of claim 95, wherein the digital signature is generated by applying 
a private key to the postage indicium. 
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98. The method of claim 95, wherein the indexed self-vaUdating postage indicium 
is generated within a physically secure coprocessor device. 

99. Themethodof claim 91, further comprising: 

receiving an indexing identifier request firom an end user computer; and 
5 transmitting the indexing tracking ID to the end user computer. 

1 00. The method of claim 9 1 , further comprising: 

receiving a postage indicium request containing the indexing tracking ID firom a 
postal authority; 

retrieving the indexed postage indicium from the database based on the received 
10 indexing tracking ID; and 

transmitting the indexed postage indiciimi to the postal authority. 

101. The method of claim 91 , further comprising: 

generating a plurality of postage indicia associated with a plurality of mail pieces; 
associating a plxu-aUty of indexing tracking IDs with the plurality of postage indicia; 

15 and 

storing the plurality of indexed postage indicia within the database. 

102. The method of claim 101, further comprising: 

receiving a plurality of indexing identifier requests firom a plurality of end user 
computers; and 

20 transmitting the plurality of indexing tracking IDs to the pluraUty of end user 

computers. 

103. The method of claim 101, further comprising: 

receiving a plurality of postage indicixmi requests containing the plurality of indexing 
tracking IDs from a postal authority; 

25 retricAong the plurality of indexed postage indicia from the database based on the 

plurality of received indexing tracking IDs; and 

transmitting the plurality of indexed postage indicia to the postal authority. 
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104. A method of validating postage for a postal service, the method comprising: 
generating a postage indicimn associated with a mail piece; 

associating an indexing tracking ID with the postage indicium; 
storing the indexed postage indicium within a database; 
5 applying the indexing tracking ID to the mail piece; 

reading the indexing tracking ID on the mail piece; and 

retrieving the indexed postage indicixam from the database based on the read indexing 
tracking ID. 

105. The method of claim 104, wherein the indexing tracking ID is unique within 
10 the postal service. 

106. The method of claim 105, wherein the postal service is the United States 
Postal Service. 

107. The method of claim 104, wherein the postage indicium comprises one or 
more items selected from the group consisting of postage amount, date and time of postage 

1 5 information creation, service class, optional data advance, and deUvery zip code. 

1 08. The method of claim 1 04, further comprising: 
deriving a digital signature from the postage indicium; 

associating the digital signature with the postage indicium to generate an indexed self- 
vahdating postage indicium; and 

20 storing the indexed self-validating postage indicium within the centralized postage- 

issuing computer system. 

109. The method of claim 108, wherein the digital signature association comprises 
attaching the digital signature to the postage iQdicimn. 

110. The method of claim 1 08, wherein the digital signature is generated by 
25 applying a private key to the postage indicium. 

111. The method of claim 1 08, whereiQ the indexed self-validating postage 
indicium is generated within a physically secure coprocessor device. 

1 12. The method of claim 104, wherein the indexing tracking ID is applied to the 
mail piece in a barcode format, and the indexing tracldng ID is read using a barcode reader. 
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113. The method of claim 112, wherein the barcode format is two-dimensional 
barcode format. 

1 14. The method of claim 1 12,wherein the barcode format is a one-dimensional 
barcode format. 

5 115. The method of claim 1 04, wherein the indexing tracking ID is applied to the 

mail piece in a hmnan-readable format, and the indexing tracking ID is read using an optical 
character reader. 

116. The method of claim 104, further comprising 

generating a plurality of postage indicia associated with a plurality of mail pieces; 

1 0 associatiag a plurality of indexing tracking IDs with the plurality of postage indicia; 

storing the plurality of indexed postage indicia within the database; 

applying the plurality of indexing tracking IDs to the plurality of mail pieces; 

reading the pluraUty of indexing tracking IDs on the plurality of mail pieces; and 

retrieving the plurality of indexed postage indicia from the database based on the 
1 5 plxurality of read indexing tracking IDs. 

117. A centralized postage-issuing computer systCTi for indexing a postage 
indiciiun, comprising: 

data processing circuitry; 

a database; 

20 a postage indicium generation module, when executed by the data processing 

circuitry, configured for generating a postage indicium; 

an indexing module, when executed by the data processing circuitry, configured for 
associating an indexing tracking ID with the postage indicium; and 

a database management module, when executed by the data processing circuitry, 
25 configured for storing the indexed postage indicium within the database, and for retrieving 
the indexed postage indicium from the database based on the indexing tracking ID. 

118. The cmtralized postage-issuing computer system of claim 117, wherein the 
indexing tracking ID is unique within a postal service. 
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119. The centralized postage-issuing computer system of claim 118, wherein the 
postal system is the United States Postal Service. 

120. The centralized postage-issuing computer system of claim 1 17, wherein the 
postage indicium comprises one or more items selected from the group consisting of postage 
amoimt, date and time of postage information creation, service class, optional data advance, 
and delivery zip code. 

121. The centralized postage-issuing computer system claim 1 17, wherein the 
postage indicium generation module is configured for generating a self-validating postage 
indicium in response to the indexing identifier request, the indexing module is configured for 
associating the indexing tracking ID with the self-validating postage indicium, and the 
database management module is configured for storing the indexed self-validating postage 
indicium within the database. 

122. The centralized postage-issuing computer system of claim 121 , wherein the 
postage indicium generation module comprises: 

a postage indicium generation submodule for generating the postage indicium; 

a digital signature generation submodule for generating the digital signature; and 

an association submodule for associating the digital signature with the postage 
indicium to generate the self-validating indexed postage indicium. 

123. The centralized postage-issuing computer system of claim 117, wherein the 
database is associated with a physically secure coprocessor device. 

124. The centralized postage-issuing computer system of claim 1 17, further 
comprising a communications module, when executed by the data processing circuitry, 
configured for receiving an indexing identifier request from an end user computer, and for 
transmitting the indexing tracking ID to the end user computer. 

125. The centralized postage-issuing computer system of claim 1 17, further 
comprising a communications module, when executed by the data processing circuitry, 
configured for receiving a postage indicium request containing the indexing tracking ID from 
a postal authority, and for transmitting the retrieved mdexed postage indicium to the postal 
authority. 

126. The centralized postage-issxiing computer system of claim 117, wherein 
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the postage indicium generation module is configured for generating a plurality of 
postage indicia; 

the indexing module is configured for associating a plurality of indexing tracking IDs 
with the pluraUty of postage indicia; and 

5 the database management module is configured for storing the plurality of indexed 

postage indicia within the database, and for retrieving the plurality of indexed postage indicia 
firom the database based on the plurality of indexing tracking IDs. 

127. The centralized postage-issuing computer system of claim 126, further 
comprising a commimications module, when executed by the data processing circuitry, 

10 configured for receiving a pluraUty of indexing identifier requests from a plurality of end user 
computers, and for transufiitting the plurality of indexing tracking IDs to the plurality of end 
user computers. 

128. The centralized postage-issuing computer system of claim 126, fiirfher 
comprising a commxmications module, when executed by the data processing circuitry, 

1 5 configured for receiving a plurality of postage indicium requests containing the plurality of 
indexing tracking IDs from a postal authority, and for transmitting the plurality of retrieved 
indexed postage indicia to the postal authority. 

129. A method of validating postage in a postal system, comprising: 

receiving a postage indicium request from a postal authority, wherein the postage 
20 indicium request carries an indexing tracking ID and is associated with a mail piece inspected 
by the postage authority; 

retrieving an indexed postage indicium from a database based on the received 
indexing tracking ID; and 

transmitting the postage indicium to the postal authority. 

25 130. The method of claim 129, wherein the indexing tracking ID is unique within a 

postal service. 

131. The method of claim 130, wherein the postal service is the United States 
Postal Service. 
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132. The method of claim 129, wherein the indexed postage indicium comprises 
one or more items selected from the group consisting of postage amount, date and time of 
postage information creation, service class, optional data advance, and delivery zip code. 

133. The method of claim 129, wherein the indexed postage indicium is a self- 
5 validating postage indicium. 

134. The method of claim 129, wherein the database is associated with a physically 
secure coprocessor device. 

135. The method of claim 129, further comprising: 

receiving a pluraUty of postage indicium requests from a postal authority, wherein the 
10 plurality of postage indicium requests carries a plurality of indexing tracking IDs and is 
associated with a plurality of mail pieces inspected by the postage authority; 

retrieving a plurality of indexed postage indicia from the database based on the 
pluraUty of received indexing tracking IDs; and 

transmitting the plurality of postage indicia to the postal authority. 

15 1 36. A method of indexing sender identification information within a database of a 

centralized postage-issuing computer system, the method comprising: 

generating sender identification information associated with a mail piece; 

associating an indexing tracking ID with the sender identification information; and 

storing the indexed sender identification information within the database. 

20 137. The method of claim 136, wherein the indexing tracking ID is unique within a 

postal service. 

138. The method of claim 137, wherein the postal service is the United States 
Postal Service. 

139. The method of claim 136, wherein the sender identification information 

25 comprises one or more items selected from the group consisting of the sender name, sender 
employer, sender address, and sender zip code. 

140. The method of claim 136, fiirther comprising: 

receiving a sender identification request containing the indexing tracking ID from a 
mail recipient computer; 
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retrieving the sender identification information from the database based on the 
received indexing tracking ID; and 

transmitting the sender identification information to the mail recipient computer. 

141. The method of claim 136, fiirther comprising: 

5 generating a sender identification information associated with a plurality of mail 

pieces; 

associating a plurality of indexing tracking IDs with the sender identification 
information; and 

storing the sender information within the database. 

10 142. The method of claim 141, further comprising: 

receiving a plurahty of sender identification requests containing the pluraUty of 
indexing tracking IDs from a plurality of mail recipient computers; 

retrieving the sender identification information from the database based on the 
plurality of received indexing tracking IDs; and 

1 5 transmitting the sender identification information to the mail recipient computers. 

143. A centralized postage-issuing computer system for indexing sender 
identification information, comprising: 

data processing circuitry; 

a database; 

20 an indexiag module, when executed by the data processing circuitry, configured for 

associating an indexing tracking ID with the sender identification information; and 

a database management module, when executed by the data processing circuitry, 
configured for storing the indexed sender identification information within the database, and 
for retrieving the indexed sender identification information from the database based on the 
25 indexing tracking ID. 

144. The centralized postage-issuing computer system of claim 143, wherein the 
indexing tracking ID is unique within a postal service. 

145. The centralized postage-issuing computer system of claim 144, wherein the 
postal system is the United States Postal Service. 
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146. The centralized postage-issuing computer system of claim 143, wherein the 
sender identification information comprises one or more items selected from the group 
consisting of the sender name, sender employer, sender address, and sender zip code. 

147. The centralized postage-issuing computer system of claim 143, further 
5 comprising a commimications module, when executed by the data processing circuitry, 

configured for receiving a sender identification request containing the indexing tracking ID 
firom a mail recipient computer, and for transmitting the retrieved indexed sender 
identification information to the mail recipient computer. 

148. The centralized postage-issuing computer system of claim 143, wherein 

10 the indexing module is configured for associating a plurality of indexing tracking IDs 

with sender identification information; and 

the database management module is configured for storing the indexed sender 
identification information within the database, and for retrieving the indexed sender 
identification information from the database based on the plurality of indexing tracking IDs. 

15 149. The centralized postage-issuing computer system of claim 148, fiirther 

comprising a communications module, when executed by the data processing circuitry, 
configured for receiving a plurality of sender identifications requests containing the plxirality 
of indexing trackmg IDs from a plurality of mail recipient computers, and for transmitting the 
retrieved indexed sender identification information to the plurality of mail recipient 

20 computers. 

150. A method of verifying a sender of a mail piece, comprising: 

receiving a sender identification request from mail recipient computer, wherein the 
sender identification request carries an indexing tracking ID associated with a mail piece 
received from a postal authority; 

25 retrieving indexed sender identification information from a database based on the 

received indexing tracking ID; and 

transmitting the sender identification information to the mail recipient computer. 

151. The method of claim 1 60^ wherein the indexing tracking ID is imique within a 
postal service. 
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1 52. The method of claim 151, wherein the postal service is the United States 
Postal Service. 

153. The method of claim 150, wherein the sender identification information 
comprises one or more items selected firom the group consisting of the sender name, sender 

5 employer, sender address, and sender zip code. 

1 54. The method of claim 1 50, fiirther comprising: 

receiving a plurality of sender identification requests firom a pluraUty of mail recipient 
computers, wherein the plurality of sender identification requests carries a plurality of 
indexing tracking IDs and is associated with a plurality of mail pieces received from a 
10 postage authority; 

retrieving indexed sender identification information from the database based on the 
pluraUty of received indexing tracking IDs; and 

transmitting the sender identification information to the plurality of mail recipient 
computers. 

15 155. A method of refimding postage, comprising: 

storing information for a postage transaction in a database, the postage transaction 
information comprising a tracking ID and an associated delivery status; 

receiving a postage refimd inquiry; and 

retrieving the postage transaction information from the database in response to the 
20 postage refund inquiry. 

156. The method of claim 155, fiirther comprising refimding the postage based on 
the retrieved postage transaction information. 

157. The method of claim 155, fiirther comprising displaying tibie postage 
transaction information. 

25 158. The method of claim 155, fiulher comprising: 

receiving confirmatory delivery status information associated with the tracking ID; 

and 

updating the dehvery status in the database with the confirmatory dehvery status 
information. 
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159. The method of claim 155, wherein the postage transaction information further 
comprises a postage transaction date. 

160. The method of claim 1 55, wherein the postage transaction information further 
comprises a postage transaction date, postage transaction time, destination zip code, service 

5 class, postage amoimt, and mail piece weight. 

161. The method of claim 155, wherein the confirmatory delivery status 
informatjion is received from a postal authority. 

162. The method of claim 1 55, wherein the postage refund inquiry is received from 
an account administrator. 

10 163. The method of claim 155, wherein the postage refund inquiry is received from 

an end user. 

164. The method of claim 155, wherein the postage is refunded based on the 
deUvery status contained within the retrieved postage transaction information. 

165. The method of claim 164, wherein the postage is refunded only if the retrieved 
15 delivery status indicates that a mail piece associated with the tracking ID has not been 

deUvered. 

166. The method of claim 164, wherein the postage is not refunded if the retrieved 
delivery status indicates that a mail piece associated with the tracking ID has been deUvered. 

167. The method of claim 155, further comprising: 
20 applying the tracking ID to a mail piece; 

processing the mail piece through a postal authority; 
reading the tracking ID on the mail piece; and 

updating the confirmatory delivery status information to indicate that the mail piece 
has been delivered. 

25 168. The method of claim 167, wherein the postage is not refunded. 

1 69. A method of refunding postage, comprising: 

storing information for a pluraUty of postage transactions in a database, the 
information for each postage transaction comprising a tracking ID, postage transaction date, 
and delivery status associated with the tracking ID; 
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associating the stored postage transaction information with a user account; 
receiving a postage refund inquiry for the user account; 

retrieving the postage transaction information from the database in response to the 
postage refund inquiry; and 

5 refunding the postage for a first postage transaction only if the delivery status for the 

first postage transaction indicates that a mail piece associated with the tracking ID for the 
first postage transaction has not been delivered, and the postage transaction dates for the first 
and second postage transactions are the same. 

1 70. The method of claim 1 69, 

10 wherein the information for each postage transaction comprises a destination zip code, 

service class, and postage amount; and 

wherein the postage is refunded only if the destination zip codes, service classes, and 
postage amounts for the first and second postage transactions are the same. 

171. The method of claim 169, further comprising: 

1 5 receiving confirmatory delivery status information associated with the plurality of 

tracking ID*s; and 

updating the plurality of delivery statuses in the database with the confirmatory 
delivery status information. 

172. The method of claim 171, whereia the confirmatory delivery status 
20 information is received from a postal authority. 

173. The method of claim 169, wherein the postage refund inquiry is received from 
an account administrator. 

174. The method of claim 169, wherein the postage refund inquiry is received from 
an end user. 

25 175. The method of claim 169, further comprising: 

applying the plurality of tracking ID's to a plurality of mail pieces; 
processing the plurality of mail pieces through a postal authority; 
reading the tracking ID on a mail piece; and 



88 



BNSDOCID: <WO ^0304462042 JA> 



wo 2003/044620 PCT/US2002/033024 

Updating the confirmatory delivery status information to indicate that the plurality of 
mail pieces have been dehvered. 

176. The method of claim 175, wherein the postage is not refunded. 

177. A method of providing status for a plurality of mail pieces tracked by a postal 
5 authority, comprising: 

storing information for a plurality of postage transactions in a database, the 
information for each postage transaction comprising a tracking ID and an associated deUvery 
status; 

receiving confirmatory delivery status information fi-om the postal authority; and 

10 updating the plurality of deUvery statuses in the database with the confirmatory 

deUvery status information. 

178. The method of claim 177, fiirther comprising associating the stored postage 
transaction information with a plurality of user accounts, 

179. The method of claim 177, wherein the iirformation for each postage 
1 5 transaction further comprises a postage transaction date. 

180. The method of claim 177, wherein the information for each postage 
transaction further comprises a postage transaction date, postage transaction time, destination 
zip code, service class, postage amount, and mail piece weight. 

181. The method of claim 1 77, further comprising: 

20 appljdng the plurality of tracking ID's to a plurality of mail pieces; 

processing the plurality of mail pieces through a postal authority; 

reading the plurality of tracking ID's on the plurality of mail pieces; and 

updating the confirmatory deUvery status information to indicate that the plurality of 
mail pieces have been delivered. 

25 1 82. A centralized postage-issuing computer system for providing status for a 

plurality of mail pieces tracked by a postal service, comprising: 

data processing circuitry; 

a database; 
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a coxmnunications module, when executed by the data processing circuitry, 
configured for receiving confirmatory delivery status information firom a master tracking 
computer system; and 

a database management module, when executed by the data processing circuitry, 
5 configured for storing information for a plurality of postage transactions in a database, the 
information for each postage transaction comprising a tracking ID and an associated deUvery 
status, the database management module further configured for updating the delivery status 
with the confirmatory delivery status information. 

1 83 . The centralized postage-issuing computer system of claim 1 82, further 

1 0 comprising a delivery status request module, when executed by ttie data processing circuitry, 
configured for generating a request for the confirmatory delivery status information, wherein 
the commimications module is fiirther configured for transmitting the request to the master 
tracking computer system. 

1 84. The centralized postage-issuing computer system of claim 1 82, wherein the 
IS database management module is further configured for associating the stored postage 

transaction information with a plurality of user accounts. 

185. The centralized postage-issuing computer system of claim 1 82, wherein the 
information for each postage transaction further comprises a postage transaction date. 

1 86. The centralized postage-issuing computer system of claim 1 82, wherein the 
20 information' for each postage transaction further comprises a postage transaction date, 

postage transaction time, destination zip code, service class, postage amount, and mail piece 
weight. 

1 87. A method of determining whether issued postage has been used, comprising: 

storing information for a pluraUty of postage transactions in a database, the 
25 information for each postage transaction comprising one or more postage transaction items, a 
tracking ID and an associated delivery status; 

associating the postage transaction information with a user account; 

receiving an inquiry for duplicative postage transactions; 

retrieving the postage transaction information firom the database; 
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selecting the postage transactions in which the one or more postage transaction items 
are identical; and 

determining if any of the delivery statuses for the selected postage transactions 
indicates that a mail piece has been delivered, 

5 188. The method of claim 1 87, further comprising displaying the selected postage 

transactions to a postal authority. 

1 89. The method of claim 1 87, further comprising determining that issued postage 
is mused if the any delivery statuses for the selected postage transactions indicates that a 
mail piece has been delivered. 

10 1 90. The method of claim 187, further comprising displaying the postage 

transaction information for the selected postage transactions. 

191. The method of claim 187, wherein the one or more postage transaction items 
comprises a postage transaction date, destination zip code, service class, and postage amount 

1 92. The method of claim 1 87, further comprising: 

15 receiving confirmatory delivery status information; and 

updating the dehvery statuses in the database with the confirmatory delivery status 
information. 

193. The method of claim 192, wherein the confirmatory delivery status 
information is received fi-om a postal authority. 

20 1 94. The method of claim 1 92, wherein the duplicative postage transaction inquiry 

is received fi-om an account administrator. 

195. The method of claim 192, wherein the dupUcative postage transaction inquiry 
is received firom an end user. 

196. The method of claim 192, further comprising: 

25 applying the plurality of tracking ID's to a plurality of mail pieces; 

processing the plurality of mail pieces through a postal authority; 

reading the plurality of tracking ID's on the plurality of mail pieces; and 

updating the confirmatory delivery status information to indicate that the plurality of 
mail pieces have been delivered. 
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197. The method of claim 196, further comprising determining that issued postage 
is not unused* 

198. A centraUzed postage-issuing computer system for determining whether issued 
postage has been used, comprising: 

5 data processing circuitry; 

a database; 

a communications module, when executed by the data processing circuitry, 
configured for receiving an inquiry for dupUcative postage transactions; and 

a database management module, when executed by the data processing circuitry, 
10 configured for storing information for a plurality of postage transactions in a database, the 
information for each postage transaction comprising one or more postage transaction items, a 
tracking ID and an associated delivery status, the database management module further 
configured for associating the postage transaction information with a user account; and 

a filtering module, when executed by the data processing circuitry, configured for 
15 selecting the postage transactions in which the one or more postage transaction items are 

identical, and determining if any of the delivery statuses for the selected postage transactions 
indicates that a mail piece has been delivered. 

199. The centralized postage-issuing computer system of claim 1 98, wherein the 
filtering module is further configured for determining that issued postage is unused if the any 

20 delivery statuses for the selected postage transactions indicates that a mail piece has been 
delivered. 

200/ The centraUzed postage-issuing computer system of claim 198, wherein the 
one or more postage transaction items comprises a postage transaction date, destination zip 
code, service class, and postage amount. 

25 201. The centralized postage-issuing computer system of claim 1 98, wherein the 

communications module is further configured for receiving confirmatory deUvery status 
information, and the database management module is further configured for updating the 
delivery statuses with the confirmatory delivery status information. 
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